CVE-2021-22731
Severity CVSS v4.0:
Pending analysis
Type:
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
Publication date:
26/05/2021
Last modified:
01/02/2022
Description
A Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior, which could cause an unauthorized password change through HTTP/HTTPS when basic user information is known by a remote attacker.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:schneider-electric:mcsesp083f23g0_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
| cpe:2.3:h:schneider-electric:mcsesp083f23g0:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:schneider-electric:mcsesp083f23g0t_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
| cpe:2.3:h:schneider-electric:mcsesp083f23g0t:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:schneider-electric:mcsesm043f23f0_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
| cpe:2.3:h:schneider-electric:mcsesm043f23f0:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:schneider-electric:mcsesm053f1cu0_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
| cpe:2.3:h:schneider-electric:mcsesm053f1cu0:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:schneider-electric:mcsesm063f2cu0_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
| cpe:2.3:h:schneider-electric:mcsesm063f2cu0:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:schneider-electric:mcsesm053f1cs0_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
| cpe:2.3:h:schneider-electric:mcsesm053f1cs0:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:schneider-electric:mcsesm063f2cs0_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
| cpe:2.3:h:schneider-electric:mcsesm063f2cs0:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:schneider-electric:mcsesm083f23f0_firmware:*:*:*:*:*:*:*:* | | 8.22 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



