var-201702-0424
Vulnerability from variot
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. SchneiderElectricIONPowerMeter is an electric energy meter. SchneiderElectricIONPowerMeter has a cross-site request forgery vulnerability. The remote attacker is allowed to exploit the vulnerability to perform certain unauthorized operations and access to the affected device because the program failed to properly validate the HTTP request. are all power quality analysis instruments of French Schneider Electric (Schneider Electric). The vulnerability stems from the program not properly validating HTTP requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ion7500",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "ion8800",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "ion7600",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "ion8650",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "ion7300",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "ion5000",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "ion73xx",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "series"
},
{
"model": "ion75xx",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "series"
},
{
"model": "ion76xx",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "series"
},
{
"model": "ion8650",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "series"
},
{
"model": "ion8800",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "series"
},
{
"model": "pm5xxx",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "series"
},
{
"model": "electric ion7300 power meter",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "0"
},
{
"model": "electric ion7500 power meter",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "0"
},
{
"model": "electric ion7600 power meter",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "0"
},
{
"model": "electric ion8650 power meter",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "0"
},
{
"model": "electric ion8800 power meter",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "0"
},
{
"model": "electric ionpm5000 power meter",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "0"
},
{
"model": "ionpm5000 power meter",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "ion8800 power meter",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "ion8650 power meter",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "ion7600 power meter",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "ion7500 power meter",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "ion7300 power meter",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"db": "BID",
"id": "92916"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-087"
},
{
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:ion7300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:ion7500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:ion7600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:ion8650",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:ion8800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:pm5000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92916"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5809",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-07831",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-94628",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-5809",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5809",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5809",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-07831",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94628",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"db": "VULHUB",
"id": "VHN-94628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-087"
},
{
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. SchneiderElectricIONPowerMeter is an electric energy meter. SchneiderElectricIONPowerMeter has a cross-site request forgery vulnerability. The remote attacker is allowed to exploit the vulnerability to perform certain unauthorized operations and access to the affected device because the program failed to properly validate the HTTP request. are all power quality analysis instruments of French Schneider Electric (Schneider Electric). The vulnerability stems from the program not properly validating HTTP requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5809"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"db": "BID",
"id": "92916"
},
{
"db": "VULHUB",
"id": "VHN-94628"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-94628",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94628"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5809",
"trust": 2.8
},
{
"db": "BID",
"id": "92916",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-308-03",
"trust": 2.0
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-16-256-02",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "44640",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-087",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-07831",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "147677",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-94628",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"db": "VULHUB",
"id": "VHN-94628"
},
{
"db": "BID",
"id": "92916"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-087"
},
{
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"id": "VAR-201702-0424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"db": "VULHUB",
"id": "VHN-94628"
}
],
"trust": 1.53333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07831"
}
]
},
"last_update_date": "2024-08-14T14:20:37.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2016-256-02",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-256-02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/92916"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-308-03"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/alerts/ics-alert-16-256-02"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/44640/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5809"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5809"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.us/en/download/document/70012-0260-00/"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"db": "VULHUB",
"id": "VHN-94628"
},
{
"db": "BID",
"id": "92916"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-087"
},
{
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"db": "VULHUB",
"id": "VHN-94628"
},
{
"db": "BID",
"id": "92916"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-087"
},
{
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-94628"
},
{
"date": "2016-09-12T00:00:00",
"db": "BID",
"id": "92916"
},
{
"date": "2017-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"date": "2016-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-087"
},
{
"date": "2017-02-13T21:59:00.407000",
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07831"
},
{
"date": "2018-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-94628"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "92916"
},
{
"date": "2017-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007981"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-087"
},
{
"date": "2018-05-20T01:29:00.523000",
"db": "NVD",
"id": "CVE-2016-5809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric of IONXXXX Series and PM5XXX Vulnerability to execute unauthenticated setting change in series power meter",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007981"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-087"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.