Vulnerability Details : CVE-2016-5782
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.
Vulnerability category: Input validation
Products affected by CVE-2016-5782
- cpe:2.3:o:locusenergy:lgate_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5782
- 0.88%: probability of exploitation activity in the next 30 days
- ~73%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5782
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 3.9 | 4.7 | NIST | |
CWE ids for CVE-2016-5782
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5782
- http://www.securityfocus.com/bid/94698
  Multiple Locus Energy LGate Products CVE-2016-5782 Command Injection Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/94782
  Sauter NovaWeb Web HMI CVE-2016-10224 Authentication Bypass Vulnerability (VDB Entry; Third Party Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0
  Locus Energy LGate Command Injection Vulnerability | CISA (Third Party Advisory; US Government Resource)