CVE-2021-22701 Information

Description

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400 ION7650 ION83xx/84xx/85xx/8600 ION8650 ION8800 ION9000 and PM800 (see notification for affected versions) that could cause a user to perform an unintended action on the target device when using the HTTP web interface.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

Reference

https://www.se.com/ww/en/download/document/SEVD-2021-040-01/

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

4.5