Schneider-Electric: >> Powerlogic Ion8650 Security Vulnerabilities
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could
cause disclosure of sensitive information, denial of service, or modification of data if an attacker
is able to intercept network traffic.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-22
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-03-11
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-02-19
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-02-19
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.
CVSS Score
4.5
EPSS Score
0.002
Published
2021-02-19