Details of VAR-201303-0527

ID

VAR-201303-0527

TITLE

PowerHawk 6320 Smart Meter Information Disclosure Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2013-02259 // BID: 58709 // CNNVD: CNNVD-201303-535

DESCRIPTION

The PowerHawk 6320 meter is a smart meter device. The PowerHawk 6320 meter incorrectly restricts access to web-based UIs, allowing remote attackers to exploit the vulnerability to request serial numbers, MAC addresses, and firmware versions. Successful exploits may allow an attacker to obtain sensitive information that may aid in launching further attacks. PowerHawk 6320 Smart Meter running firmware 1.12 is vulnerable; other versions may also be affected

Trust: 0.81

sources: CNVD: CNVD-2013-02259 // BID: 58709

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-02259

AFFECTED PRODUCTS

vendor:

triacta power

model:

powerhawk series meters

scope:

version:

6000

Trust: 0.6

sources: CNVD: CNVD-2013-02259

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-02259
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2013-02259
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-02259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-535

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201303-535

EXTERNAL IDS

db:	BID	id:	58709	Trust: 1.5
db:	SECUNIA	id:	52720	Trust: 0.6
db:	CNVD	id:	CNVD-2013-02259	Trust: 0.6
db:	CNNVD	id:	CNNVD-201303-535	Trust: 0.6

sources: CNVD: CNVD-2013-02259 // BID: 58709 // CNNVD: CNNVD-201303-535

REFERENCES

url:	http://secunia.com/advisories/52720/	Trust: 0.6
url:	http://www.securityfocus.com/bid/58709	Trust: 0.6
url:	http://www.triacta.com/products/powerhawk-energy-meters-6000-series.html	Trust: 0.3
url:	http://dariusfreamon.wordpress.com/2013/03/24/powerhawk-6320-smart-meter-information-disclosure/	Trust: 0.3

sources: CNVD: CNVD-2013-02259 // BID: 58709 // CNNVD: CNNVD-201303-535

CREDITS

Darius Freamon

Trust: 0.9

sources: BID: 58709 // CNNVD: CNNVD-201303-535

SOURCES

db:	CNVD	id:	CNVD-2013-02259
db:	BID	id:	58709
db:	CNNVD	id:	CNNVD-201303-535

LAST UPDATE DATE

2022-05-17T01:53:14.120000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-02259	date:	2013-05-24T00:00:00
db:	BID	id:	58709	date:	2013-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201303-535	date:	2013-03-29T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-02259	date:	2013-03-28T00:00:00
db:	BID	id:	58709	date:	2013-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201303-535	date:	2013-03-27T00:00:00