← back
CVE-2016-5809

CVE-2016-5809

EPSS 2.0%
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
Affected products
n/a · Schneider Electric IONXXXX Series
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44640/unverifiedexploitdbwww.exploit-db.com/exploits/44640unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03https://www.exploit-db.com/exploits/44640/http://www.securityfocus.com/bid/92916