1. Home
  2. CVE Database
  3. CVE-2016-5809
HIGH · 8.8

CVE-2016-5809

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token gene...

Vulnerability Description

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricIon5000-
Schneider-ElectricIon7300-
Schneider-ElectricIon7500-
Schneider-ElectricIon7600-
Schneider-ElectricIon8650-
Schneider-ElectricIon8800-

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2016-5809?

CVE-2016-5809 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token gene...

How severe is CVE-2016-5809?

CVE-2016-5809 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5809?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ion5000, Schneider-Electric Ion7300, Schneider-Electric Ion7500, Schneider-Electric Ion7600, Schneider-Electric Ion8650.