Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Schneider-electric Subscribe
Filtered by product Powerlogic Ion7400 Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22714 1 Schneider-electric 6 Powerlogic Ion7400, Powerlogic Ion7400 Firmware, Powerlogic Ion9000 and 3 more 2022-02-03 7.5 HIGH 9.8 CRITICAL
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.
CVE-2021-22703 1 Schneider-electric 20 Powerlogic Ion7400, Powerlogic Ion7400 Firmware, Powerlogic Ion7650 and 17 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
CVE-2021-22702 1 Schneider-electric 24 Powerlogic Ion7300, Powerlogic Ion7300 Firmware, Powerlogic Ion7400 and 21 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
CVE-2021-22701 1 Schneider-electric 21 Powerlogic Ion7400, Powerlogic Ion7400 Firmware, Powerlogic Ion7410 and 18 more 2022-02-03 3.5 LOW 4.5 MEDIUM
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.