CVE-2021-22765 in PowerLogic EGX100
Summary
by MITRE • 06/11/2021
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/30/2026
The vulnerability identified as CVE-2021-22765 represents a critical security flaw classified under CWE-20: Improper Input Validation within PowerLogic EGX100 and EGX300 industrial network devices. This weakness manifests in the form of inadequate validation of HTTP packet inputs, creating a pathway for malicious actors to exploit the system through carefully crafted network traffic. The affected versions include PowerLogic EGX100 firmware versions 3.0.0 and newer, alongside all versions of the EGX300 series, making this a widespread concern across industrial control systems. The vulnerability's classification as an improper input validation issue means that the system fails to properly sanitize or verify incoming HTTP requests before processing them, creating potential attack vectors that could be leveraged by threat actors.
The technical exploitation of this vulnerability can result in either denial of service conditions or remote code execution capabilities, both of which pose severe operational risks to industrial environments. When an attacker sends a specially crafted HTTP packet to the affected device, the improper input validation allows malicious data to bypass normal security checks and potentially execute arbitrary code on the target system. This type of vulnerability is particularly dangerous in industrial settings where network devices control critical infrastructure, as it could lead to complete system compromise. The attack surface is expanded by the fact that HTTP traffic is commonly used for device management and monitoring purposes, making legitimate communication channels susceptible to exploitation. From an operational standpoint, this vulnerability represents a significant risk to industrial control system security and could potentially disrupt critical processes or allow unauthorized access to sensitive operational data.
The impact of this vulnerability extends beyond simple system availability concerns, as it creates opportunities for attackers to gain persistent access to industrial networks. The potential for remote code execution means that an attacker could install backdoors, modify system configurations, or even take control of connected industrial processes. This aligns with attack patterns documented in the MITRE ATT&CK framework where adversaries exploit input validation weaknesses to establish persistent access and escalate privileges within industrial control environments. Organizations utilizing PowerLogic EGX series devices face significant operational risks, including potential production disruptions, data integrity compromises, and increased attack surface for broader network infiltration. The vulnerability's nature suggests that it could be exploited through network-based attacks without requiring physical access to the devices, making it particularly concerning for industrial environments where security perimeters may be less strictly enforced.
Mitigation strategies for CVE-2021-22765 should prioritize immediate firmware updates from PowerLogic to address the improper input validation issue. Network segmentation and access controls should be implemented to limit exposure of affected devices to untrusted networks, while also employing network monitoring solutions to detect anomalous HTTP traffic patterns. Regular security assessments of industrial control systems should include validation of input handling mechanisms across all networked devices to identify similar vulnerabilities. Organizations should also consider implementing intrusion detection systems specifically configured to monitor for exploitation attempts targeting known input validation vulnerabilities in industrial equipment. The remediation process must be carefully managed to avoid disrupting critical industrial operations, requiring thorough testing in controlled environments before deployment. Additionally, implementing network access controls and restricting HTTP service exposure to only necessary administrative systems can significantly reduce the attack surface while maintaining operational functionality.