Vulnerability Details CVE-2021-22702
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-22702
-
cpe:2.3:h:schneider-electric:powerlogic_ion7300:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion7400:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion7650:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion7700:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8300:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8400:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8500:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8600:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8650:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion8800:-
-
cpe:2.3:h:schneider-electric:powerlogic_ion9000:-
-
cpe:2.3:h:schneider-electric:powerlogic_pm8000:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion7300_firmware:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion7700_firmware:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-
-
cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*
-
cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*