Vulnerability Description
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Locusenergy | Lgate Firmware | - |
| Locusenergy | Lgate 100 | - |
| Locusenergy | Lgate 101 | - |
| Locusenergy | Lgate 120 | - |
| Locusenergy | Lgate 320 | - |
| Locusenergy | Lgate 50 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94698Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/94782Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/94698Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/94782Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-5782?
CVE-2016-5782 is a vulnerability with a CVSS score of 8.6 (HIGH). An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for v...
How severe is CVE-2016-5782?
CVE-2016-5782 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5782?
Check the references section above for vendor advisories and patch information. Affected products include: Locusenergy Lgate Firmware, Locusenergy Lgate 100, Locusenergy Lgate 101, Locusenergy Lgate 120, Locusenergy Lgate 320.