← Back

CVE-2016-5815

nvd nist
Published: Feb 13, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

Affected (6)

Schneider Electric
6 products
Ion5000
Ion7300
Ion7500
Ion7600
Ion8650
Ion8800
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Ion5000
All versions
Ion7300
All versions
Ion7500
All versions
Ion7600
All versions
Ion8650
All versions
Ion8800
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.