Details of VAR-201609-0695

ID

VAR-201609-0695

TITLE

Schneider Electric PowerLogic PM8ECC Module Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-07658

DESCRIPTION

Schneider Electric PowerLogic PM8ECC is a communication module used by Schneider Electric (France) for 800 series meters. The Schneider Electric PowerLogic PM8ECC module has an unauthorized access vulnerability that allows an attacker to exploit this vulnerability to gain all permissions of the Web management interface and FTP.

Trust: 0.6

sources: CNVD: CNVD-2016-07658

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-07658

AFFECTED PRODUCTS

vendor:

schneider

model:

electric powerlogic pm8ecc

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-07658

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-07658
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-07658
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-07658

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-07658

Trust: 0.6

sources: CNVD: CNVD-2016-07658

SOURCES

db:

CNVD

id:

CNVD-2016-07658

LAST UPDATE DATE

2022-05-04T10:01:15.491000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-07658

date:

2016-09-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-07658

date:

2016-09-19T00:00:00