CVE-2021-22703
moderate-risk
Published 2021-02-19
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
Do I need to act?
0.22% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (10)
Powerlogic Ion7400 Firmware
Powerlogic Ion7650 Firmware
Powerlogic Ion8600 Firmware
Powerlogic Ion8650 Firmware
Powerlogic Ion8800 Firmware
Powerlogic Ion9000 Firmware
Powerlogic Pm8000 Firmware
Powerlogic Ion8300 Firmware
Powerlogic Ion8400 Firmware
Powerlogic Ion8500 Firmware
Affected Vendors
References (2)
43 / 100 · moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
16/34 · Moderate