PT-2021-3888 · Schneider Electric · PowerLogic ION84xx +9

Published: 2021-02-09 · Updated: 2026-05-29 · CVE-2021-22701

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, PM800 (affected versions not specified)

Description

The issue is related to insufficient authentication of executed requests, which could allow a remote attacker to perform a cross-site request forgery. This might cause a user to perform an unintended action on the target device when using the HTTP web interface.

Recommendations

For PowerLogic ION7400, consider disabling access to the HTTP web interface until a patch is available. For PowerLogic ION7650, restrict access to the web interface to minimize the risk of exploitation. For PowerLogic ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, and PM800, avoid using the web interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

BDU:2021-04269
CVE-2021-22701

Affected Products

PM800
PowerLogic ION7400
PowerLogic ION7650
PowerLogic ION83xx
PowerLogic ION84xx
PowerLogic ION85xx
PowerLogic ION8600
PowerLogic ION8650
PowerLogic ION8800
PowerLogic ION9000