Details of VAR-201602-0022

ID

VAR-201602-0022

CVE

CVE-2016-0864

TITLE

Tollgrade SmartGrid LightHouse Sensor Management System Software EMS Vulnerability in obtaining critical reports and username information

Trust: 0.8

sources: JVNDB: JVNDB-2016-001456

DESCRIPTION

Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors. Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software is a set of Web-based smart grid lighthouse sensor management system developed by Tollgrade Company in the United States. Security vulnerabilities exist in Tollgrade SmartGrid LightHouse SMS Software versions prior to 5.1 and 4.1.0 Build 16

Trust: 1.71

sources: NVD: CVE-2016-0864 // JVNDB: JVNDB-2016-001456 // VULHUB: VHN-88374

IOT TAXONOMY

category:

['embedded device']

sub_category:

smart grid sensor

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	eq	version:	4.1.0	Trust: 1.6
vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	lte	version:	5.0	Trust: 1.0
vendor:	tollgrade	model:	lighthouse sensor management system	scope:	eq	version:	4.1.0 build 16	Trust: 0.8
vendor:	tollgrade	model:	lighthouse sensor management system	scope:	lt	version:	5.1	Trust: 0.8
vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	eq	version:	5.0	Trust: 0.6

sources: JVNDB: JVNDB-2016-001456 // CNNVD: CNNVD-201602-263 // NVD: CVE-2016-0864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0864
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-0864
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201602-263
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-88374
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-0864
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-88374
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0864
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-88374 // JVNDB: JVNDB-2016-001456 // CNNVD: CNNVD-201602-263 // NVD: CVE-2016-0864

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-88374 // JVNDB: JVNDB-2016-001456 // NVD: CVE-2016-0864

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-263

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-263

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001456

PATCH

title:	Smart Grid	url:	http://www.tollgrade.com/smartgrid/smart-grid-products/predictivegrid-analytics-software/	Trust: 0.8
title:	Tollgrade SmartGrid LightHouse Sensor Management System Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60204	Trust: 0.6

sources: JVNDB: JVNDB-2016-001456 // CNNVD: CNNVD-201602-263

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0864	Trust: 2.6
db:	ICS CERT	id:	ICSA-16-040-01	Trust: 2.5
db:	JVNDB	id:	JVNDB-2016-001456	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-263	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-88374	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-88374 // JVNDB: JVNDB-2016-001456 // CNNVD: CNNVD-201602-263 // NVD: CVE-2016-0864

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-040-01	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0864	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0864	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-88374 // JVNDB: JVNDB-2016-001456 // CNNVD: CNNVD-201602-263 // NVD: CVE-2016-0864

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-88374
db:	JVNDB	id:	JVNDB-2016-001456
db:	CNNVD	id:	CNNVD-201602-263
db:	NVD	id:	CVE-2016-0864

LAST UPDATE DATE

2025-04-13T20:20:26.278000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-88374	date:	2016-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-001456	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-263	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-0864	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-88374	date:	2016-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-001456	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-263	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-0864	date:	2016-02-13T02:59:03.963