1. EXECUTIVE SUMMARY
- CVSS v4 9.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schneider Electric
- Equipment: PowerLogic PM5500 and PowerLogic PM8ECC
- Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an attacker gaining escalated privileges and obtaining control of the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of PowerLogic PM55xx power metering devices and PowerLogic PM8ECC ethernet communication module are affected:
- PM5560: Versions pri
[…]
This article has been indexed from All CISA Advisories
Read the original article: