Schneider Electric PowerLogic ION8650,ION8800 Download of Code Without Integrity Check (CVE-2023-5984)

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. This plugin only works with Tenable.ot. Please visit...

Schneider Electric PowerLogic ION8650,ION8800 Cross-site Scripting (CVE-2023-5985)

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user's browser when an attacker with admin privileges has modified system values. This plugin only works with Tenable.ot. Please visit...

Schneider Electric ION8650 and ION8800 Cross-Site Scripting Vulnerability

The Schneider Electric ION8650 and Schneider Electric ION8800 are both next-generation outlet and switchboard meters for utility network monitoring from Schneider Electric France. A security vulnerability exists in the Schneider Electric ION8650 and ION8800 that stems from the presence of a...

Schneider Electric ION8650 and ION8800 Security Vulnerabilities

The Schneider Electric ION8650 and Schneider Electric ION8800 are both next-generation outlet and switchboard meters for utility network monitoring from Schneider Electric France. A security vulnerability exists in the Schneider Electric ION8650 and ION8800 that stems from the presence of a code...

PT-2023-7005 · Schneider Electric · Schneider Electric Powerlogic Ion8650 +1

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic ION8650, ION8800 affected versions not specified Description: A Download of Code Without Integrity Check issue exists, allowing modified firmware to be uploaded during a firmware update procedure initiated by an...

PT-2023-7004 · Schneider Electric · Schneider Electric Powerlogic Ion8650 +1

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic ION8650, PowerLogic ION8800 affected versions not specified Description: The issue is related to improper neutralization of input during web page generation, which could lead to compromise of a user's browser. An...

Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

CVE-2021-22713

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 see security notifcation for affected versions, which could cause the meter to reboot...

CVE-2021-22713

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 see security notifcation for affected versions, which could cause the meter to reboot...

CVE-2021-22713

CVE-2021-22713 affects Schneider Electric PowerLogic meters: PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600. The root cause is a CWE-119 improper restriction of operations within the bounds of a memory buffer, which can cause the meter to reboot. The vulnerability ...

Schneider Electric PowerLogic 缓冲区错误漏洞

Schneider Electric PowerLogic is an industrial control device from Schneider Electric, France. It provides increased power factor to improve power quality and troubleshoot power failures to protect networks, devices, and operators. A security vulnerability exists in PowerLogic, which stems from a...

CVE-2021-22702

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor...

CVE-2021-22703

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor intercepts HTT...

CVE-2021-22701

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause a user to perform an unintended action on the target device when using the HTTP web...

CVE-2021-22701

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause a user to perform an unintended action on the target device when using the HTTP web...

Design/Logic Flaw

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor intercepts HTT...

Cross site request forgery (csrf)

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause a user to perform an unintended action on the target device when using the HTTP web...

CVE-2021-22701

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause a user to perform an unintended action on the target device when using the HTTP web...

CVE-2021-22701

CVE-2021-22701 affects Schneider Electric PowerLogic devices: ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800. The vulnerability is a Cross-Site Request Forgery (CSRF) in the HTTP web interface, enabling an attacker to induce unintended actions on the target device. ...

CVE-2021-22703

CVE-2021-22703 affects Schneider Electric PowerLogic devices: ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800. The issue is CWE-319 Cleartext transmission of sensitive information, enabling disclosure of user credentials if an attacker intercepts HTTP traffic between...