cvelistv5 - cve-2016-5815

CVE-2016-5815 (GCVE-0-2016-5815)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15

Summary

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

Severity ?

No CVSS data available.

CWE

Schneider Electric IONXXXX Series Power Meter Vulnerabilities

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/94091	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric IONXXXX Series Power Meter Vulnerabilities	Affected: Schneider Electric IONXXXX Series Power Meter Vulnerabilities

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:09.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94091",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94091"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "94091",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94091"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-5815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94091",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94091"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-5815",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-06-23T00:00:00",
    "dateUpdated": "2024-08-06T01:15:09.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0DA1F9F-A898-4059-93FB-05F5C28280E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DD65F3D-EB57-4AB3-BB33-81B42D460AC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DC9074B-EA61-4D44-8A16-9E117138629A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFC7C001-9AB5-453F-BC3B-5544627B06CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA97CA0-DDE0-4418-9D72-7D463C003693\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3449157-3715-4D89-A3BD-49EE47160B25\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.\"}, {\"lang\": \"es\", \"value\": \"Ha sido descubierto un problema en los medidores de potencia de las series IONXXXX, ION73XX, ION75XX, ION76XX, ION8650, ION8800 y PM5XXX de Schneider Electric. Ninguna autenticaci\\u00f3n est\\u00e1 configurada de forma predeterminada. Un usuario no autorizado puede acceder al portal de administraci\\u00f3n de dispositivo y realizar cambios de configuraci\\u00f3n.\"}]",
      "id": "CVE-2016-5815",
      "lastModified": "2024-11-21T02:55:03.693",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-02-13T21:59:00.503",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/94091\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/94091\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-5815\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-02-13T21:59:00.503\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.\"},{\"lang\":\"es\",\"value\":\"Ha sido descubierto un problema en los medidores de potencia de las series IONXXXX, ION73XX, ION75XX, ION76XX, ION8650, ION8800 y PM5XXX de Schneider Electric. Ninguna autenticaci\u00f3n est\u00e1 configurada de forma predeterminada. Un usuario no autorizado puede acceder al portal de administraci\u00f3n de dispositivo y realizar cambios de configuraci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0DA1F9F-A898-4059-93FB-05F5C28280E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DD65F3D-EB57-4AB3-BB33-81B42D460AC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DC9074B-EA61-4D44-8A16-9E117138629A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC7C001-9AB5-453F-BC3B-5544627B06CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA97CA0-DDE0-4418-9D72-7D463C003693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3449157-3715-4D89-A3BD-49EE47160B25\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94091\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/94091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

GSD-2016-5815

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-5815

Aliases

CVE-2016-5815

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5815",
    "description": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.",
    "id": "GSD-2016-5815"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5815"
      ],
      "details": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.",
      "id": "GSD-2016-5815",
      "modified": "2023-12-13T01:21:25.948282Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2016-5815",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "94091",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94091"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-5815"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
            },
            {
              "name": "94091",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94091"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-03-14T19:21Z",
      "publishedDate": "2017-02-13T21:59Z"
    }
  }
}

VAR-201702-0427

Vulnerability from variot - Updated: 2023-12-18 12:37

A security bypass vulnerability exists in Schneider Electric ION Series. An attacker could use this vulnerability to bypass certain security mechanisms to perform unauthorized operations

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0427",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ion5000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ion7500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ion7600",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ion8800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ion8650",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ion7300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ion73xx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "series"
      },
      {
        "model": "ion75xx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "series"
      },
      {
        "model": "ion76xx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "series"
      },
      {
        "model": "ion8650",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "series"
      },
      {
        "model": "ion8800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "series"
      },
      {
        "model": "pm5xxx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "series"
      },
      {
        "model": "electric ion series",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "ionpm5000 power meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "ion8800 power meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "ion8650 power meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "ion7600 power meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "ion7500 power meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "ion7300 power meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "db": "BID",
        "id": "94091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen.",
    "sources": [
      {
        "db": "BID",
        "id": "94091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-5815",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-5815",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-10728",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-94634",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-5815",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-5815",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-10728",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-110",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94634",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. Schneider Electric ION Power Meter is an electrical energy meter. \n\nA security bypass vulnerability exists in Schneider Electric ION Series. An attacker could use this vulnerability to bypass certain security mechanisms to perform unauthorized operations",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "db": "BID",
        "id": "94091"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94634"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5815",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-308-03",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "94091",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-94634",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94634"
      },
      {
        "db": "BID",
        "id": "94091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ]
  },
  "id": "VAR-201702-0427",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94634"
      }
    ],
    "trust": 1.414285742857143
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:37.283000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2016-256-02",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2016-256-02"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-308-03"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/94091"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5815"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5815"
      },
      {
        "trust": 0.3,
        "url": "www.controlmicrosystems.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94634"
      },
      {
        "db": "BID",
        "id": "94091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94634"
      },
      {
        "db": "BID",
        "id": "94091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "date": "2017-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94634"
      },
      {
        "date": "2016-11-03T00:00:00",
        "db": "BID",
        "id": "94091"
      },
      {
        "date": "2017-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "date": "2017-02-13T21:59:00.503000",
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "date": "2016-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10728"
      },
      {
        "date": "2017-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94634"
      },
      {
        "date": "2016-11-24T01:07:00",
        "db": "BID",
        "id": "94091"
      },
      {
        "date": "2017-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      },
      {
        "date": "2017-03-14T19:21:05.840000",
        "db": "NVD",
        "id": "CVE-2016-5815"
      },
      {
        "date": "2016-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric of  IONXXXX Series and  PM5XXX Vulnerability to Access Device Management Portal in Series Power Meter",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007982"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-110"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-10728

Vulnerability from cnvd - Published: 2016-11-08

Title

Schneider Electric ION安全绕过漏洞

Description

Schneider Electric ION Power Meter是电气电能表。 Schneider Electric ION Series中存在安全绕过漏洞。攻击者可以利用该漏洞绕过某些安全机制执行未经认证的操作。

Severity

中

Formal description

目前没有详细的解决方案提供： http://www.schneider-electric.cn/zh/

Reference

http://www.securityfocus.com/bid/94091

Impacted products

Name
Schneider Electric ION Series

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94091"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5815"
    }
  },
  "description": "Schneider Electric ION Power Meter\u662f\u7535\u6c14\u7535\u80fd\u8868\u3002\r\n\r\nSchneider Electric ION Series\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u673a\u5236\u6267\u884c\u672a\u7ecf\u8ba4\u8bc1\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Karn Ganeshen.",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.schneider-electric.cn/zh/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10728",
  "openTime": "2016-11-08",
  "products": {
    "product": "Schneider Electric ION Series"
  },
  "referenceLink": "http://www.securityfocus.com/bid/94091",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-06",
  "title": "Schneider Electric ION\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2016-5815

Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/94091	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94091	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
schneider-electric	ion5000	-
schneider-electric	ion7300	-
schneider-electric	ion7500	-
schneider-electric	ion7600	-
schneider-electric	ion8650	-
schneider-electric	ion8800	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0DA1F9F-A898-4059-93FB-05F5C28280E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD65F3D-EB57-4AB3-BB33-81B42D460AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC9074B-EA61-4D44-8A16-9E117138629A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7C001-9AB5-453F-BC3B-5544627B06CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
    },
    {
      "lang": "es",
      "value": "Ha sido descubierto un problema en los medidores de potencia de las series IONXXXX, ION73XX, ION75XX, ION76XX, ION8650, ION8800 y PM5XXX de Schneider Electric. Ninguna autenticaci\u00f3n est\u00e1 configurada de forma predeterminada. Un usuario no autorizado puede acceder al portal de administraci\u00f3n de dispositivo y realizar cambios de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2016-5815",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T21:59:00.503",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94091"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MFPM-XW3V-WFRJ

Vulnerability from github – Published: 2022-05-17 02:55 – Updated: 2022-05-17 02:55

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-5815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-13T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.",
  "id": "GHSA-mfpm-xw3v-wfrj",
  "modified": "2022-05-17T02:55:26Z",
  "published": "2022-05-17T02:55:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5815"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94091"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-5815 (GCVE-0-2016-5815)

GSD-2016-5815

VAR-201702-0427

CNVD-2016-10728

FKIE_CVE-2016-5815

GHSA-MFPM-XW3V-WFRJ

Tags

Sightings

Nomenclature