Improper Memory Buffer Restriction in PowerLogic Meters by Schneider Electric
CVE-2021-22714

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Powerlogic Ion7400, Pm8000 And Ion9000 (all Versions Prior To V3.0.0)
Vendor: CVE Published:; 11 March 2021

Summary

A vulnerability exists in Schneider Electric's PowerLogic ION7400, PM8000, and ION9000 meters, affecting all versions prior to V3.0.0. This flaw involves an improper restriction of operations within the bounds of a memory buffer, potentially allowing an attacker to exploit this weakness. The exploitation may lead to unexpected device reboots or even enable remote code execution, raising significant concerns for device integrity and security in industrial settings.

Affected Version(s)

PowerLogic ION7400, PM8000 and ION9000 (All prior to V3.0.0) PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0)

References

https://www.se.com/ww/en/download/document/SEVD-2021-068-02

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2021
Vulnerability Reserved
Jan 6, 2021