CVE-2021-22701

Published Feb 19, 2021

Last updated 3 years ago

CVSS medium 4.5

Overview

Description: A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.
Source: cybersecurity@se.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.5
Impact score: 3.6
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

cybersecurity@se.com: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE7015C-02DD-44A1-ADEE-5E71CE312266",
            "versionEndExcluding": "3.0.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C8F28EAA-FC60-4CE0-BD39-DFD3EB88E195"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion7410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C23FEAFC-9F15-4214-BF9C-A33130362110"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1647241-A18D-4E4C-A118-8809EA625FC7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion7650:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0DF2D964-79EF-43F2-9AC6-D263F75BAFA0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB6B0276-AB51-4B8F-B2A7-85EDD56C9E7C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "324CF58A-753C-4D9C-8E72-FC8EE26EDA0D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D91486A-36CD-49A9-8A45-EDAA75F05E50",
            "versionEndIncluding": "4.31.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FBC3A306-D4F4-4C2A-9D60-DD8F0826AEEC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C95DCE16-BAA5-46DD-835B-2299376387CD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "46E8E79E-6DA7-4094-9622-3B91D5913493"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32067EA8-5153-4A00-9DE8-C4BEC42C00A6",
            "versionEndExcluding": "3.0.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6718EAAA-074D-4807-AC2D-DD0A06D397FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5A75862-E1AC-4C6E-83AD-DE5FCD8BA50D",
            "versionEndExcluding": "3.0.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1047C892-B7F5-49FB-AB36-8E8061A58037"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F01E9FE2-4110-4A6D-99F3-49784808D951"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70BAC583-6101-4F26-A264-26E5D69E9188"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "82527983-6167-4D7B-A70A-D1A814ED3D06"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "768FB179-B6D7-457C-9795-310400460F6E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "75E37742-CFF9-4F80-9B6A-0D4F5AD23112"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References