ID

VAR-201702-0424


CVE

CVE-2016-5809


TITLE

Vulnerability allowing unauthenticated setting changes in multiple Schneider Electric IONXXXX series and PM5XXX series power meters

Trust: 0.8

sources: JVNDB: JVNDB-2016-007981

DESCRIPTION

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. The Schneider Electric ION Power Meter is an electric energy meter. It has a cross-site request forgery vulnerability. Because the program fails to properly validate HTTP requests, a remote attacker can exploit the vulnerability to perform certain unauthorized operations and gain access to the affected device. The affected products are all power quality analysis instruments from Schneider Electric of France. The vulnerability stems from the program not properly validating HTTP requests.

Trust: 2.52

sources: NVD: CVE-2016-5809 // JVNDB: JVNDB-2016-007981 // CNVD: CNVD-2016-07831 // BID: 92916 // VULHUB: VHN-94628

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07831

AFFECTED PRODUCTS

vendor: schneider electric, model: ion7500, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: ion8800, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: ion7600, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: ion8650, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: ion7300, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: ion5000, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: ion73xx, scope: eq, version: series

Trust: 0.8

vendor: schneider electric, model: ion75xx, scope: eq, version: series

Trust: 0.8

vendor: schneider electric, model: ion76xx, scope: eq, version: series

Trust: 0.8

vendor: schneider electric, model: ion8650, scope: eq, version: series

Trust: 0.8

vendor: schneider electric, model: ion8800, scope: eq, version: series

Trust: 0.8

vendor: schneider electric, model: pm5xxx, scope: eq, version: series

Trust: 0.8

vendor: schneider, model: electric ion7300 power meter, scope: eq, version: 0

Trust: 0.6

vendor: schneider, model: electric ion7500 power meter, scope: eq, version: 0

Trust: 0.6

vendor: schneider, model: electric ion7600 power meter, scope: eq, version: 0

Trust: 0.6

vendor: schneider, model: electric ion8650 power meter, scope: eq, version: 0

Trust: 0.6

vendor: schneider, model: electric ion8800 power meter, scope: eq, version: 0

Trust: 0.6

vendor: schneider, model: electric ionpm5000 power meter, scope: eq, version: 0

Trust: 0.6

vendor: schneider electric, model: ionpm5000 power meter, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: ion8800 power meter, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: ion8650 power meter, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: ion7600 power meter, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: ion7500 power meter, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: ion7300 power meter, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-07831 // BID: 92916 // JVNDB: JVNDB-2016-007981 // CNNVD: CNNVD-201611-087 // NVD: CVE-2016-5809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5809
value: HIGH

Trust: 1.0

NVD: CVE-2016-5809
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-07831
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201611-087
value: MEDIUM

Trust: 0.6

VULHUB: VHN-94628
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5809
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-07831
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-94628
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5809
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-07831 // VULHUB: VHN-94628 // JVNDB: JVNDB-2016-007981 // CNNVD: CNNVD-201611-087 // NVD: CVE-2016-5809

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-94628 // JVNDB: JVNDB-2016-007981 // NVD: CVE-2016-5809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-087

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201611-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007981

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-94628

PATCH

title: SEVD-2016-256-02, url: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-256-02

Trust: 0.8

sources: JVNDB: JVNDB-2016-007981

EXTERNAL IDS

db: NVD, id: CVE-2016-5809

Trust: 2.8

db: BID, id: 92916

Trust: 2.6

db: ICS CERT, id: ICSA-16-308-03

Trust: 2.0

db: ICS CERT ALERT, id: ICS-ALERT-16-256-02

Trust: 1.7

db: EXPLOIT-DB, id: 44640

Trust: 1.1

db: JVNDB, id: JVNDB-2016-007981

Trust: 0.8

db: CNNVD, id: CNNVD-201611-087

Trust: 0.7

db: CNVD, id: CNVD-2016-07831

Trust: 0.6

db: PACKETSTORM, id: 147677

Trust: 0.1

db: VULHUB, id: VHN-94628

Trust: 0.1

Trust: 0.1

sources: CNVD: CNVD-2016-07831 // VULHUB: VHN-94628 // BID: 92916 // JVNDB: JVNDB-2016-007981 // CNNVD: CNNVD-201611-087 // NVD: CVE-2016-5809

REFERENCES

url:http://www.securityfocus.com/bid/92916

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-16-308-03

Trust: 2.0

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-256-02

Trust: 1.7

url:https://www.exploit-db.com/exploits/44640/

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5809

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-5809

Trust: 0.8

url:http://www.schneider-electric.us/en/download/document/70012-0260-00/

Trust: 0.3

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

sources: CNVD: CNVD-2016-07831 // VULHUB: VHN-94628 // BID: 92916 // JVNDB: JVNDB-2016-007981 // CNNVD: CNNVD-201611-087 // NVD: CVE-2016-5809

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92916

SOURCES

db: CNVD, id: CNVD-2016-07831
db: VULHUB, id: VHN-94628
db: BID, id: 92916
db: JVNDB, id: JVNDB-2016-007981
db: CNNVD, id: CNNVD-201611-087
db: NVD, id: CVE-2016-5809

LAST UPDATE DATE

2025-04-20T23:26:13.691000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-07831, date: 2016-09-22T00:00:00
db: VULHUB, id: VHN-94628, date: 2018-05-20T00:00:00
db: BID, id: 92916, date: 2016-11-24T01:07:00
db: JVNDB, id: JVNDB-2016-007981, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201611-087, date: 2016-11-08T00:00:00
db: NVD, id: CVE-2016-5809, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-07831, date: 2016-09-22T00:00:00
db: VULHUB, id: VHN-94628, date: 2017-02-13T00:00:00
db: BID, id: 92916, date: 2016-09-12T00:00:00
db: JVNDB, id: JVNDB-2016-007981, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201611-087, date: 2016-09-12T00:00:00
db: NVD, id: CVE-2016-5809, date: 2017-02-13T21:59:00.407