Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2016-5815

Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/94091	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94091	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
schneider-electric	ion5000	-
schneider-electric	ion7300	-
schneider-electric	ion7500	-
schneider-electric	ion7600	-
schneider-electric	ion8650	-
schneider-electric	ion8800	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0DA1F9F-A898-4059-93FB-05F5C28280E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD65F3D-EB57-4AB3-BB33-81B42D460AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC9074B-EA61-4D44-8A16-9E117138629A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7C001-9AB5-453F-BC3B-5544627B06CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
    },
    {
      "lang": "es",
      "value": "Ha sido descubierto un problema en los medidores de potencia de las series IONXXXX, ION73XX, ION75XX, ION76XX, ION8650, ION8800 y PM5XXX de Schneider Electric. Ninguna autenticaci\u00f3n est\u00e1 configurada de forma predeterminada. Un usuario no autorizado puede acceder al portal de administraci\u00f3n de dispositivo y realizar cambios de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2016-5815",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T21:59:00.503",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94091"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-5809

Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/92916	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://www.exploit-db.com/exploits/44640/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92916	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44640/

Impacted products

Vendor	Product	Version
schneider-electric	ion5000	-
schneider-electric	ion7300	-
schneider-electric	ion7500	-
schneider-electric	ion7600	-
schneider-electric	ion8650	-
schneider-electric	ion8800	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0DA1F9F-A898-4059-93FB-05F5C28280E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD65F3D-EB57-4AB3-BB33-81B42D460AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC9074B-EA61-4D44-8A16-9E117138629A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7C001-9AB5-453F-BC3B-5544627B06CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
    },
    {
      "lang": "es",
      "value": "Ha sido descubierto un problema en los medidores de potencia de las series IONXXXX, ION73XX, ION75XX, ION76XX, ION8650, ION8800 y PM5XXX de Schneider Electric. No hay Token CSRF generado para autenticar al usuario durante una sesi\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir que se realicen y se guarden cambios de configuraci\u00f3n no autorizados."
    }
  ],
  "id": "CVE-2016-5809",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T21:59:00.407",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92916"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.exploit-db.com/exploits/44640/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/44640/"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2016-5809 (GCVE-0-2016-5809)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15

Summary

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.

Severity ?

No CVSS data available.

CWE

Schneider Electric IONXXXX Series csrf

Assigner

icscert

References

URL

Tags

	https://www.exploit-db.com/exploits/44640/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/92916	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric IONXXXX Series	Affected: Schneider Electric IONXXXX Series

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44640",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44640/"
          },
          {
            "name": "92916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92916"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric IONXXXX Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric IONXXXX Series"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric IONXXXX Series csrf",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-19T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "44640",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44640/"
        },
        {
          "name": "92916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92916"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-5809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric IONXXXX Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric IONXXXX Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric IONXXXX Series csrf"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44640",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44640/"
            },
            {
              "name": "92916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92916"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-5809",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-06-23T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5815 (GCVE-0-2016-5815)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15

Summary

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

Severity ?

No CVSS data available.

CWE

Schneider Electric IONXXXX Series Power Meter Vulnerabilities

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/94091	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric IONXXXX Series Power Meter Vulnerabilities	Affected: Schneider Electric IONXXXX Series Power Meter Vulnerabilities

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:09.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94091",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94091"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "94091",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94091"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-5815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94091",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94091"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-5815",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-06-23T00:00:00",
    "dateUpdated": "2024-08-06T01:15:09.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5809 (GCVE-0-2016-5809)

Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15

Summary

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.

Severity ?

No CVSS data available.

CWE

Schneider Electric IONXXXX Series csrf

Assigner

icscert

References

URL

Tags

	https://www.exploit-db.com/exploits/44640/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/92916	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric IONXXXX Series	Affected: Schneider Electric IONXXXX Series

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44640",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44640/"
          },
          {
            "name": "92916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92916"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric IONXXXX Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric IONXXXX Series"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric IONXXXX Series csrf",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-19T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "44640",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44640/"
        },
        {
          "name": "92916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92916"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-5809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric IONXXXX Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric IONXXXX Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric IONXXXX Series csrf"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44640",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44640/"
            },
            {
              "name": "92916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92916"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-5809",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-06-23T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5815 (GCVE-0-2016-5815)

Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15

Summary

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

Severity ?

No CVSS data available.

CWE

Schneider Electric IONXXXX Series Power Meter Vulnerabilities

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/94091	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric IONXXXX Series Power Meter Vulnerabilities	Affected: Schneider Electric IONXXXX Series Power Meter Vulnerabilities

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:09.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94091",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94091"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "94091",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94091"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-5815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94091",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94091"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-5815",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-06-23T00:00:00",
    "dateUpdated": "2024-08-06T01:15:09.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

6 vulnerabilities found for ion7600 by schneider-electric

FKIE_CVE-2016-5815

FKIE_CVE-2016-5809

CVE-2016-5809 (GCVE-0-2016-5809)

CVE-2016-5815 (GCVE-0-2016-5815)

CVE-2016-5809 (GCVE-0-2016-5809)

CVE-2016-5815 (GCVE-0-2016-5815)