Vulnerability Details : CVE-2016-5815
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2016-5815
- cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*
- cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*
- cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*
- cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*
- cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*
- cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5815
- 0.21%: Probability of exploitation activity in the next 30 days
- ~59%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5815
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-5815
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5815
- https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03
  Schneider Electric IONXXXX Series Power Meter Vulnerabilities | CISA (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/94091
  Schneider Electric ION CVE-2016-5815 Series Security Bypass Vulnerability (Third Party Advisory; VDB Entry)