CVE-2021-22764 in PowerLogic PM55xxinfo

Summary

by MITRE • 06/11/2021

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/30/2026

The vulnerability identified as CVE-2021-22764 represents a critical improper authentication flaw classified under CWE-287 within several PowerLogic power monitoring devices including the PM55xx series, PM8ECC, EGX100, and EGX300 models. This authentication weakness specifically manifests through the Modbus TCP protocol interface, creating a significant security risk for industrial control systems and power management infrastructure. The affected devices operate within critical infrastructure environments where uninterrupted connectivity and secure communication protocols are paramount for operational continuity and safety.

The technical implementation of this vulnerability stems from inadequate authentication mechanisms within the HTTP request processing subsystem of these power monitoring devices. When an attacker crafts and sends specifically formatted HTTP requests to the affected devices, the authentication process fails to properly validate the incoming requests, allowing unauthorized access attempts that can disrupt normal device operations. This flaw enables attackers to exploit the Modbus TCP communication channel, potentially leading to complete loss of connectivity to the device and subsequent operational disruption of the power monitoring system. The vulnerability specifically targets the device's web interface authentication, which serves as the primary access point for configuration and monitoring activities.

From an operational impact perspective, this vulnerability poses severe risks to industrial environments where continuous power monitoring is essential for maintaining system stability and safety. The loss of connectivity through Modbus TCP protocol can result in complete operational paralysis of the affected monitoring systems, potentially leading to undetected power issues, equipment failures, or safety hazards. Power monitoring systems are critical for maintaining grid stability and ensuring proper power distribution, making this vulnerability particularly dangerous in utility environments, manufacturing facilities, or any industrial setting where power quality monitoring is essential. The attack vector through HTTP requests means that even remote attackers with basic network access can potentially compromise these systems, expanding the attack surface significantly.

Mitigation strategies for CVE-2021-22764 should focus on implementing robust network segmentation and access controls to limit exposure of these devices to untrusted networks. Organizations should ensure that affected devices are properly patched with vendor-supplied security updates and that network access to these devices is restricted through firewalls and access control lists. The implementation of network monitoring solutions that can detect anomalous HTTP request patterns and unauthorized access attempts provides additional layers of defense. According to ATT&CK framework, this vulnerability maps to T1110.001 (Brute Force: Password Guessing) and T1071.001 (Application Layer Protocol: Web Protocols) techniques, indicating that defensive measures should include both authentication hardening and network traffic analysis. Regular security assessments and vulnerability scanning should be conducted to identify and remediate similar authentication weaknesses in industrial control systems, following NIST SP 800-82 guidelines for industrial control systems security.

Sources

Do you know our Splunk app?

Download it now for free!