PT-2021-15205 · Schneider Electric · Powerlogic Egx300+1
Published: 2021-06-11 · Updated: 2026-05-29
CVE-2021-22767
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PowerLogic EGX100 versions 3.0.0 and newer
PowerLogic EGX300 all versions
Description
A vulnerability exists due to improper input validation, which could cause denial of service or remote code execution via a specially crafted HTTP packet.
Recommendations
For PowerLogic EGX100 versions 3.0.0 and newer, update to a version that includes input validation fixes.
For PowerLogic EGX300 all versions, apply configuration changes to restrict access to vulnerable HTTP endpoints until a patch is available.
As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Powerlogic Egx100
Powerlogic Egx300