The vulnerability of Microprogrammed Software for Power Measurement and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 arises from loading code without verifying its integrity. This allows a malicious actor to alter the firmware version with administrator privileges.

The vulnerability of Microprogrammed Software for Power Measurement Devices and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 lies in the fact that code can be loaded without checking its integrity. Exploiting this vulnerability could allow an attacker to...

PT-2023-7005 · Schneider Electric · Schneider Electric Powerlogic Ion8650 +1

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic ION8650, ION8800 affected versions not specified Description: A Download of Code Without Integrity Check issue exists, allowing modified firmware to be uploaded during a firmware update procedure initiated by an...

PT-2023-7004 · Schneider Electric · Schneider Electric Powerlogic Ion8650 +1

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic ION8650, PowerLogic ION8800 affected versions not specified Description: The issue is related to improper neutralization of input during web page generation, which could lead to compromise of a user's browser. An...

Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

Unauthorized Access Vulnerability in PowerLogic ION8650 at Schneider Electric (China) Co.

Schneider Electric China Co., Ltd. is a global leader in energy efficiency management, founded by the Schneider brothers in 1836. Its main businesses include power, industrial automation, infrastructure, energy saving and efficiency, energy, building automation and security electronics, data...

CVE-2021-22713

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 see security notifcation for affected versions, which could cause the meter to reboot...

CVE-2021-22701

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause a user to perform an unintended action on the target device when using the HTTP web...

CVE-2021-22703

CVE-2021-22703 affects Schneider Electric PowerLogic devices: ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800. The issue is CWE-319 Cleartext transmission of sensitive information, enabling disclosure of user credentials if an attacker intercepts HTTP traffic between...

PT-2021-15176

Name of the Vulnerable Software and Affected Versions PowerLogic ION7400 affected versions not specified PowerLogic ION7650 affected versions not specified PowerLogic ION83xx/84xx/85xx/8600 affected versions not specified PowerLogic ION8650 affected versions not specified PowerLogic ION8800...

Schneider PowerLogic Product Information Disclosure Vulnerability

Schneider PowerLogic is an industrial control device from Schneider China. Provides increased power factor to improve power quality and troubleshoot power failures to protect networks, devices and operators. An information disclosure vulnerability exists in multiple Schneider PowerLogic products...