Search
Find a vulnerability
Search criteria
4 vulnerabilities found for ion7500 by schneider-electric
CVE-2016-5815 (GCVE-0-2016-5815)
Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15
VLAI
Summary
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.
Severity
No CVSS data available.
CWE
- Schneider Electric IONXXXX Series Power Meter Vulnerabilities
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94091 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Schneider Electric IONXXXX Series Power Meter Vulnerabilities |
Affected:
Schneider Electric IONXXXX Series Power Meter Vulnerabilities
|
Date Public
2017-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
}
]
}
],
"datePublic": "2017-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "94091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-5815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
"version": {
"version_data": [
{
"version_value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94091"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-5815",
"datePublished": "2017-02-13T21:00:00.000Z",
"dateReserved": "2016-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:15:09.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5809 (GCVE-0-2016-5809)
Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15
VLAI
Summary
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
Severity
No CVSS data available.
CWE
- Schneider Electric IONXXXX Series csrf
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44640/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/92916 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Schneider Electric IONXXXX Series |
Affected:
Schneider Electric IONXXXX Series
|
Date Public
2017-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44640",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44640/"
},
{
"name": "92916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92916"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric IONXXXX Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric IONXXXX Series"
}
]
}
],
"datePublic": "2017-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Schneider Electric IONXXXX Series csrf",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-19T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "44640",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44640/"
},
{
"name": "92916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92916"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-5809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric IONXXXX Series",
"version": {
"version_data": [
{
"version_value": "Schneider Electric IONXXXX Series"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Schneider Electric IONXXXX Series csrf"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44640",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44640/"
},
{
"name": "92916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92916"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-5809",
"datePublished": "2017-02-13T21:00:00.000Z",
"dateReserved": "2016-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:15:10.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5815 (GCVE-0-2016-5815)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15
VLAI
Summary
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.
Severity
No CVSS data available.
CWE
- Schneider Electric IONXXXX Series Power Meter Vulnerabilities
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94091 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Schneider Electric IONXXXX Series Power Meter Vulnerabilities |
Affected:
Schneider Electric IONXXXX Series Power Meter Vulnerabilities
|
Date Public
2017-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
}
]
}
],
"datePublic": "2017-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "94091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-5815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
"version": {
"version_data": [
{
"version_value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94091"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-5815",
"datePublished": "2017-02-13T21:00:00.000Z",
"dateReserved": "2016-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:15:09.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5809 (GCVE-0-2016-5809)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 01:15
VLAI
Summary
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
Severity
No CVSS data available.
CWE
- Schneider Electric IONXXXX Series csrf
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44640/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/92916 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Schneider Electric IONXXXX Series |
Affected:
Schneider Electric IONXXXX Series
|
Date Public
2017-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44640",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44640/"
},
{
"name": "92916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92916"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric IONXXXX Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric IONXXXX Series"
}
]
}
],
"datePublic": "2017-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Schneider Electric IONXXXX Series csrf",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-19T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "44640",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44640/"
},
{
"name": "92916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92916"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-5809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric IONXXXX Series",
"version": {
"version_data": [
{
"version_value": "Schneider Electric IONXXXX Series"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Schneider Electric IONXXXX Series csrf"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44640",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44640/"
},
{
"name": "92916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92916"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-5809",
"datePublished": "2017-02-13T21:00:00.000Z",
"dateReserved": "2016-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:15:10.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}