Details of VAR-201602-0021

ID

VAR-201602-0021

CVE

CVE-2016-0863

TITLE

Tollgrade SmartGrid LightHouse Sensor Management System Software EMS Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2016-001455

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. A remote attacker could exploit this vulnerability to perform unauthorized operations

Trust: 1.71

sources: NVD: CVE-2016-0863 // JVNDB: JVNDB-2016-001455 // VULHUB: VHN-88373

IOT TAXONOMY

category:

['embedded device']

sub_category:

smart grid sensor

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	eq	version:	4.1.0	Trust: 1.6
vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	lte	version:	5.0	Trust: 1.0
vendor:	tollgrade	model:	lighthouse sensor management system	scope:	eq	version:	4.1.0 build 16	Trust: 0.8
vendor:	tollgrade	model:	lighthouse sensor management system	scope:	lt	version:	5.1	Trust: 0.8
vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	eq	version:	5.0	Trust: 0.6

sources: JVNDB: JVNDB-2016-001455 // CNNVD: CNNVD-201602-262 // NVD: CVE-2016-0863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0863
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-0863
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201602-262
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-88373
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-0863
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-88373
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0863
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-88373 // JVNDB: JVNDB-2016-001455 // CNNVD: CNNVD-201602-262 // NVD: CVE-2016-0863

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-88373 // JVNDB: JVNDB-2016-001455 // NVD: CVE-2016-0863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-262

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201602-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001455

PATCH

title:	Smart Grid	url:	http://www.tollgrade.com/smartgrid/smart-grid-products/predictivegrid-analytics-software/	Trust: 0.8
title:	Tollgrade SmartGrid LightHouse Sensor Management System Software Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60203	Trust: 0.6

sources: JVNDB: JVNDB-2016-001455 // CNNVD: CNNVD-201602-262

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0863	Trust: 2.6
db:	ICS CERT	id:	ICSA-16-040-01	Trust: 2.5
db:	JVNDB	id:	JVNDB-2016-001455	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-262	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-88373	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-88373 // JVNDB: JVNDB-2016-001455 // CNNVD: CNNVD-201602-262 // NVD: CVE-2016-0863

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-040-01	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0863	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0863	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-88373 // JVNDB: JVNDB-2016-001455 // CNNVD: CNNVD-201602-262 // NVD: CVE-2016-0863

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-88373
db:	JVNDB	id:	JVNDB-2016-001455
db:	CNNVD	id:	CNNVD-201602-262
db:	NVD	id:	CVE-2016-0863

LAST UPDATE DATE

2025-04-13T20:43:26.293000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-88373	date:	2016-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-001455	date:	2016-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201602-262	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-0863	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-88373	date:	2016-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-001455	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-262	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-0863	date:	2016-02-13T02:59:02.947