CVE-2016-5809
Published 2017-02-13
CVE-2016-5809: An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and…
Priority: P3 · 50 · high · 8.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 2.04% (78.8th percentile)
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
CVSS provenance
nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
CISA ICS
Schneider Electric IONXXXX Series Power Meter Vulnerabilities
cisa_ics · 2016-09-12
ICS Advisory
Last Revised: November 03, 2016
Alert Code: ICSA-16-308-03
## OVERVIEW
This advisory is a follow-up to the alert titled ICS-ALERT-16-256-02 Schneider Electric ION Power Meter CSRF Vulnerability that was published September 12, 2016, on the NCCIC/ICS-CERT web site.
Independent researcher Karn Ganeshen has identified a cross-site request forgery (CSRF) and no access control vulnerabilities in Schneider Electric’s IONXXXX series power meters. Schneider Electric has produced instructions to mitigate these vulnerabilities.
GHSA
GHSA-rrvq-67jw-2vxq: An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 seri
ghsa_unreviewed · 2022-05-14
CVE-2016-5809 [HIGH] CWE-352 GHSA-rrvq-67jw-2vxq: An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 seri
Published: 2017-02-13