CVE-2021-22763
moderate-risk
Published 2021-06-11
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
Do I need to act?
-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (5)
Powerlogic Pm5560 Firmware
Powerlogic Pm5561 Firmware
Powerlogic Pm5562 Firmware
Powerlogic Pm5563 Firmware
Powerlogic Pm8Ecc Firmware
Affected Vendors
45
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
12/34 · Low