PowerLogic%20ION7400%2C%20ION7650%2C%20ION83xx%2F84xx%2F85xx%2F8600%2C%20ION8650%2C%20ION8800%2C%20ION9000%20and%20PM800%20(see%20notification%20for%20affected%20versions)

PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions)

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2021-22701

Assigner-Schneider Electric

View Details

Assigner-Schneider Electric

CVSS Score-4.5||MEDIUM

EPSS-0.15% / 36.46%

7 Day CHG~0.00%

Published-19 Feb, 2021 | 15:15

Updated-03 Aug, 2024 | 18:51

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2021-22703

Assigner-Schneider Electric

View Details

Assigner-Schneider Electric

CVSS Score-7.5||HIGH

EPSS-0.16% / 37.31%

7 Day CHG~0.00%

Published-19 Feb, 2021 | 15:14

Updated-03 Aug, 2024 | 18:51

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.

CWE ID-CWE-319

Cleartext Transmission of Sensitive Information