Vulnerabilities > SE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-21 | CVE-2021-22777 | Deserialization of Untrusted Data vulnerability in SE Sosafe Configurable A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file. | 6.8 |
| 2021-07-21 | CVE-2021-22784 | Missing Authentication for Critical Function vulnerability in SE C-Bus Toolkit A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system. | 4.3 |
| 2021-06-11 | CVE-2021-22765 | Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. | 7.5 |
| 2021-06-11 | CVE-2021-22766 | Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet. | 5.0 |
| 2021-06-11 | CVE-2021-22767 | Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22768 | 7.5 |
| 2021-06-11 | CVE-2021-22768 | Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767. | 7.5 |
| 2021-03-11 | CVE-2021-22714 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SE Ion7400 Firmware, Ion9000 Firmware and Pm8000 Firmware A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. | 7.5 |
| 2021-03-11 | CVE-2021-22713 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SE products A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot. | 7.8 |
| 2021-02-19 | CVE-2021-22703 | Cleartext Transmission of Sensitive Information vulnerability in SE products A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. | 5.0 |
| 2021-02-19 | CVE-2021-22702 | Cleartext Transmission of Sensitive Information vulnerability in SE products A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. | 5.0 |