Vulnerabilities > SE

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2021-22777 Deserialization of Untrusted Data vulnerability in SE Sosafe Configurable
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file.
network
se CWE-502
6.8
2021-07-21 CVE-2021-22784 Missing Authentication for Critical Function vulnerability in SE C-Bus Toolkit
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.
network
se CWE-306
4.3
2021-06-11 CVE-2021-22765 Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.
network
low complexity
se CWE-20
7.5
2021-06-11 CVE-2021-22766 Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet.
network
low complexity
se CWE-20
5.0
2021-06-11 CVE-2021-22767 Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22768
network
low complexity
se CWE-20
7.5
2021-06-11 CVE-2021-22768 Improper Input Validation vulnerability in SE Egx100 Firmware and Egx300 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767.
network
low complexity
se CWE-20
7.5
2021-03-11 CVE-2021-22714 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SE Ion7400 Firmware, Ion9000 Firmware and Pm8000 Firmware
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.
network
low complexity
se CWE-119
7.5
2021-03-11 CVE-2021-22713 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SE products
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot.
network
low complexity
se CWE-119
7.8
2021-02-19 CVE-2021-22703 Cleartext Transmission of Sensitive Information vulnerability in SE products
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
network
low complexity
se CWE-319
5.0
2021-02-19 CVE-2021-22702 Cleartext Transmission of Sensitive Information vulnerability in SE products
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
network
low complexity
se CWE-319
5.0