PT-2021-15206 · Schneider Electric · Powerlogic Egx300+1
Published: 2021-06-11 · Updated: 2024-08-03 · CVE-2021-22768
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PowerLogic EGX100 versions 3.0.0 and newer
PowerLogic EGX300 (all versions)
Description
A vulnerability exists due to improper input validation, potentially causing denial of service or remote code execution via a specially crafted HTTP packet.
Recommendations
For PowerLogic EGX100 versions 3.0.0 and newer, update to a version that includes a fix for the improper input validation issue.
For PowerLogic EGX300, apply configuration changes to restrict access to vulnerable HTTP endpoints until a patch is available.
As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.
Fix
RCE
Affected Products
Powerlogic Egx100
Powerlogic Egx300