Details of VAR-201602-0024

ID

VAR-201602-0024

CVE

CVE-2016-0866

TITLE

Tollgrade SmartGrid LightHouse Sensor Management System Software EMS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001458

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors

Trust: 1.8

sources: NVD: CVE-2016-0866 // JVNDB: JVNDB-2016-001458 // VULHUB: VHN-88376 // VULMON: CVE-2016-0866

IOT TAXONOMY

category:

['embedded device']

sub_category:

smart grid sensor

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	eq	version:	4.1.0	Trust: 1.6
vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	lte	version:	5.0	Trust: 1.0
vendor:	tollgrade	model:	lighthouse sensor management system	scope:	eq	version:	4.1.0 build 16	Trust: 0.8
vendor:	tollgrade	model:	lighthouse sensor management system	scope:	lt	version:	5.1	Trust: 0.8
vendor:	tollgrade	model:	smartgrid lighthouse sensor management system	scope:	eq	version:	5.0	Trust: 0.6

sources: JVNDB: JVNDB-2016-001458 // CNNVD: CNNVD-201602-265 // NVD: CVE-2016-0866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0866
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-0866
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201602-265
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-88376
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-0866
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-0866
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-88376
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0866
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-88376 // VULMON: CVE-2016-0866 // JVNDB: JVNDB-2016-001458 // CNNVD: CNNVD-201602-265 // NVD: CVE-2016-0866

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-88376 // JVNDB: JVNDB-2016-001458 // NVD: CVE-2016-0866

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-265

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001458

PATCH

title:	Smart Grid	url:	http://www.tollgrade.com/smartgrid/smart-grid-products/predictivegrid-analytics-software/	Trust: 0.8
title:	Tollgrade SmartGrid LightHouse Sensor Management System Software Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60206	Trust: 0.6

sources: JVNDB: JVNDB-2016-001458 // CNNVD: CNNVD-201602-265

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0866	Trust: 2.7
db:	ICS CERT	id:	ICSA-16-040-01	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-001458	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-265	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-88376	Trust: 0.1
db:	VULMON	id:	CVE-2016-0866	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-88376 // VULMON: CVE-2016-0866 // JVNDB: JVNDB-2016-001458 // CNNVD: CNNVD-201602-265 // NVD: CVE-2016-0866

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-040-01	Trust: 2.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0866	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0866	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-88376 // VULMON: CVE-2016-0866 // JVNDB: JVNDB-2016-001458 // CNNVD: CNNVD-201602-265 // NVD: CVE-2016-0866

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-88376
db:	VULMON	id:	CVE-2016-0866
db:	JVNDB	id:	JVNDB-2016-001458
db:	CNNVD	id:	CNNVD-201602-265
db:	NVD	id:	CVE-2016-0866

LAST UPDATE DATE

2025-04-13T21:03:11.372000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-88376	date:	2016-02-18T00:00:00
db:	VULMON	id:	CVE-2016-0866	date:	2016-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-001458	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-265	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-0866	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-88376	date:	2016-02-13T00:00:00
db:	VULMON	id:	CVE-2016-0866	date:	2016-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-001458	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-265	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-0866	date:	2016-02-13T02:59:05.947