FixVibe
Couvert par FixVibecritical

Critical Input Validation Vulnerability in PowerLogic EGX Gateways (CVE-2021-22765)

FixVibe already covers CVE-2021-22765 through the shipped PowerLogic EGX verified-active HTTP product/firmware advisory check. The detector flags public EGX100 firmware or EGX300 product evidence for the shared Schneider advisory family without sending crafted HTTP packets, authenticating, querying industrial protocols, crash-testing, or proving exploitability.

CVE-2021-22765CWE-20

CVE-2021-22765 is part of Schneider Electric's PowerLogic EGX100 and EGX300 advisory family. Public sources list PowerLogic EGX100 firmware 3.0.0 and newer, and all PowerLogic EGX300 versions, as affected by improper input validation risk that can lead to denial of service or remote code execution when the vulnerable HTTP handling path is reachable.

When this matters

A public PowerLogic EGX management surface can sit close to industrial or energy-management networks. Source advisories describe severe impact for affected devices, but a scanner should distinguish product and firmware evidence from exploit confirmation.

Covered by FixVibe

FixVibe covers this issue through the existing PowerLogic EGX verified active scan check. The check looks for target-specific HTTP evidence of a PowerLogic EGX100 firmware version in the affected range or a PowerLogic EGX300 product fingerprint, then reports the result as product/firmware advisory context for CVE-2021-22765, CVE-2021-22767, and CVE-2021-22768.

FixVibe does not send crafted HTTP packets, authenticate to the gateway, query Modbus or serial-device paths, crash-test the device, or prove denial of service or code execution. The finding should be verified against trusted device inventory and network-access controls.

Remediation

Confirm the running PowerLogic EGX model and firmware from trusted inventory or Schneider-supported tooling. Because the affected EGX100 and EGX300 products are end-of-service, block HTTP management access from untrusted networks after commissioning, keep management behind industrial firewall, VPN, or segmentation controls, review logs for unexpected access, and plan replacement with a supported Schneider Electric gateway.

Critical Input Validation Vulnerability in PowerLogic EGX Gateways (CVE-2021-22765) — FixVibe research · FixVibe