Details of VAR-201604-0067

ID

VAR-201604-0067

CVE

CVE-2016-2294

TITLE

Accuenergy Acuvim II and Acuvim IIR of NET Firmware AXM-NET Vulnerability in obtaining plaintext mail server password in module

Trust: 0.8

sources: JVNDB: JVNDB-2016-002360

DESCRIPTION

The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. Accuenergy Acuvim II\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Both Accuenergy Acuvim II and IIR are multi-functional network power meters of Accuenergy Company in the United States, which provide functions such as power parameter measurement, four-quadrant electric energy measurement and limit alarm. AXN-NET is one of the Ethernet module accessories

Trust: 1.98

sources: NVD: CVE-2016-2294 // JVNDB: JVNDB-2016-002360 // BID: 86082 // VULHUB: VHN-91113

AFFECTED PRODUCTS

vendor:	accuenergy	model:	acuvim iir net	scope:	lte	version:	3.08	Trust: 1.0
vendor:	accuenergy	model:	acuvim ii net	scope:	lte	version:	3.08	Trust: 1.0
vendor:	accuenergy	model:	acuvim ii	scope:	-	version:	-	Trust: 0.8
vendor:	accuenergy	model:	acuvim ii net	scope:	eq	version:	3.08	Trust: 0.8
vendor:	accuenergy	model:	acuvim iir	scope:	-	version:	-	Trust: 0.8
vendor:	accuenergy	model:	acuvim iir net	scope:	eq	version:	3.08	Trust: 0.8
vendor:	accuenergy	model:	acuvim iir	scope:	eq	version:	-	Trust: 0.6
vendor:	accuenergy	model:	acuvim ii	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2016-002360 // CNNVD: CNNVD-201604-324 // NVD: CVE-2016-2294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2294
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-2294
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201604-324
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-91113
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2294
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-91113
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2294
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-91113 // JVNDB: JVNDB-2016-002360 // CNNVD: CNNVD-201604-324 // NVD: CVE-2016-2294

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-91113 // JVNDB: JVNDB-2016-002360 // NVD: CVE-2016-2294

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-324

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201604-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002360

PATCH

title:

Top Page

url:

https://www.accuenergy.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-002360

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2294	Trust: 2.8
db:	ICS CERT	id:	ICSA-16-105-02	Trust: 2.5
db:	JVNDB	id:	JVNDB-2016-002360	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-324	Trust: 0.7
db:	BID	id:	86082	Trust: 0.3
db:	VULHUB	id:	VHN-91113	Trust: 0.1

sources: VULHUB: VHN-91113 // BID: 86082 // JVNDB: JVNDB-2016-002360 // CNNVD: CNNVD-201604-324 // NVD: CVE-2016-2294

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-105-02	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2294	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2294	Trust: 0.8

sources: VULHUB: VHN-91113 // JVNDB: JVNDB-2016-002360 // CNNVD: CNNVD-201604-324 // NVD: CVE-2016-2294

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 86082 // CNNVD: CNNVD-201604-324

SOURCES

db:	VULHUB	id:	VHN-91113
db:	BID	id:	86082
db:	JVNDB	id:	JVNDB-2016-002360
db:	CNNVD	id:	CNNVD-201604-324
db:	NVD	id:	CVE-2016-2294

LAST UPDATE DATE

2025-04-12T23:16:45.866000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-91113	date:	2016-04-28T00:00:00
db:	BID	id:	86082	date:	2016-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-002360	date:	2016-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201604-324	date:	2016-04-22T00:00:00
db:	NVD	id:	CVE-2016-2294	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-91113	date:	2016-04-21T00:00:00
db:	BID	id:	86082	date:	2016-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-002360	date:	2016-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201604-324	date:	2016-04-15T00:00:00
db:	NVD	id:	CVE-2016-2294	date:	2016-04-21T11:00:11.073