Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5815

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

Published

2017-02-13T21:59:00.503

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-284
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware schneider-electric ion5000 - Yes
Hardware schneider-electric ion7300 - Yes
Hardware schneider-electric ion7500 - Yes
Hardware schneider-electric ion7600 - Yes
Hardware schneider-electric ion8650 - Yes
Hardware schneider-electric ion8800 - Yes
References