CVE-2016-5782

HIGH

Locus Energy LGate < 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, LGate 320 - Improper Input Validation

Title source: llm
STIX 2.1

Description

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94782
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94698
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0

Scores

CVSS v3 8.6
EPSS 0.0207
EPSS Percentile 79.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Details

CWE
CWE-20
Status published
Products (2)
locusenergy/lgate_firmware
n/a/Locus Energy LGate through 320 Locus Energy LGate through 320
Published Feb 13, 2017
Tracked Since Feb 18, 2026