Description
An issue was discovered on Schneider Electric IONXXXX series power meters: ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No CSRF token is generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
Exploits (1)
References (3)
Core References
Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/44640/
Third Party Advisory, VDB Entry: http://www.securityfocus.com/bid/92916
Third Party Advisory, US Government Resource: https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03
Scores
CVSS v3
8.8
EPSS
0.0093
EPSS Percentile
76.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (7)
n/a/Schneider Electric IONXXXX Series
schneider-electric/ion5000
schneider-electric/ion7300
schneider-electric/ion7500
schneider-electric/ion7600
schneider-electric/ion8650
schneider-electric/ion8800
Published
Feb 13, 2017
Tracked Since
Feb 18, 2026