CVE-2016-5809

HIGH

Schneider Electric IONXXXX Series - Cross-Site Request Forgery

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5809. PoCs published by t4rkd3vilz.

AI-analyzed exploit summary: This is a CSRF PoC for CVE-2016-5809, targeting Schneider Electric IONXXXX series devices. It demonstrates how an attacker can trick a user into submitting a malicious form to modify device configurations.

Description

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.

Exploits (1)

exploitdb WORKING POC
by t4rkd3vilz · text · webapps · linux
https://www.exploit-db.com/exploits/44640

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Schneider Electric ION73XX, ION75XX, ION76XX, ION8650, ION8800, PM5XXX series
Auth required
Prerequisites: Victim must be authenticated to the target device · Victim must be tricked into submitting the form
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44640/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92916
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03

Scores

CVSS v3 8.8
EPSS 0.0204
EPSS Percentile 78.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (7)
n/a/Schneider Electric IONXXXX Series Schneider Electric IONXXXX Series
schneider-electric/ion5000
schneider-electric/ion7300
schneider-electric/ion7500
schneider-electric/ion7600
schneider-electric/ion8650
schneider-electric/ion8800
Published Feb 13, 2017
Tracked Since Feb 18, 2026