Vulnerabilities > Schneider Electric > Powerlogic Ion9000 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-22 | CVE-2022-46680 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric products A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. | 9.8 |
| 2021-03-11 | CVE-2021-22714 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. | 7.5 |
| 2021-02-19 | CVE-2021-22703 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric products A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. | 5.0 |
| 2021-02-19 | CVE-2021-22702 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric products A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. | 5.0 |
| 2021-02-19 | CVE-2021-22701 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. | 3.5 |