CVE-2021-22703

Name of the Vulnerable Software and Affected Versions PowerLogic ION7400 (affected versions not specified) PowerLogic ION7650 (affected versions not specified) PowerLogic ION83xx/84xx/85xx/8600 (affected versions not specified) PowerLogic ION8650 (affected versions not specified) PowerLogic ION8800 (affected versions not specified) PowerLogic ION9000 (affected versions not specified) PowerLogic PM800 (affected versions not specified)

Description A Cleartext transmission of sensitive information issue exists that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.

Recommendations For PowerLogic ION7400, consider disabling HTTP network traffic until a secure protocol is implemented. For PowerLogic ION7650, restrict access to sensitive information to minimize the risk of exploitation. For PowerLogic ION83xx/84xx/85xx/8600, avoid using cleartext transmission of sensitive information until a patch is available. For PowerLogic ION8650, consider implementing a secure protocol for network traffic. For PowerLogic ION8800, restrict access to user credentials to minimize the risk of exploitation. For PowerLogic ION9000, consider disabling the use of HTTP for sensitive information transmission until a secure protocol is implemented. For PowerLogic PM800, avoid using cleartext transmission of sensitive information until a patch is available.