Vulnerability Details CVE-2021-22701
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.7%
CVSS Severity
CVSS v3 Score 4.5
CVSS v2 Score 3.5
References
Products affected by CVE-2021-22701
-
cpe:2.3:h:schneider-electric:powerlogic_ion7400:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion7410:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion7650:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8300:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8400:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8500:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8600:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8650:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8800:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion9000:-
-
cpe:2.3:h:schneider-electric:powerlogic_pm8000:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*