CVE-2021-22768

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

critical 9.8 CVSS 3.1
Published: Jun 11, 2021
Modified: May 29, 2026
Vendor: Schneider-Electric
Product: Powerlogic Egx100 Firmware

Description

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

References

Related CVEs

CVE-2022-0715 critical · 9.1
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious
CVE-2021-22787 high · 7.5
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server
CVE-2021-22788 high · 7.5
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affe
CVE-2021-22785 high · 7.5
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request
CVE-2020-7534 high · 8.8
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during
CVE-2021-22789 medium · 6.5
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when