Sign-up

ID

VAR-201702-0428


CVE

CVE-2016-5818


TITLE

Schneider Electric PowerLogic PM8ECC Security Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-10041 // CNNVD: CNNVD-201610-478

DESCRIPTION

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. Schneider Electric PowerLogic PM8ECC for PowerMeter 800 versions prior to 2.651 have a security bypass vulnerability that could be exploited by an attacker to bypass security restrictions and perform unauthorized operations. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

Trust: 2.52

sources: NVD: CVE-2016-5818 // JVNDB: JVNDB-2016-007629 // CNVD: CNVD-2016-10041 // BID: 93602 // VULHUB: VHN-94637

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-10041

AFFECTED PRODUCTS

vendor:schneider electricmodel:powerlogic pm8eccscope:eqversion:2.651

Trust: 1.9

vendor:schneider electricmodel:powerlogic pm8eccscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:powerlogic pm8eccscope:lteversion:2.651

Trust: 0.8

vendor:schneidermodel:electric powerlogic pm8eccscope:lteversion:<=2.651

Trust: 0.6

sources: CNVD: CNVD-2016-10041 // BID: 93602 // JVNDB: JVNDB-2016-007629 // CNNVD: CNNVD-201610-478 // NVD: CVE-2016-5818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5818
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-5818
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-10041
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201610-478
value: HIGH

Trust: 0.6

VULHUB: VHN-94637
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-5818
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-10041
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-94637
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5818
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-10041 // VULHUB: VHN-94637 // JVNDB: JVNDB-2016-007629 // CNNVD: CNNVD-201610-478 // NVD: CVE-2016-5818

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-94637 // JVNDB: JVNDB-2016-007629 // NVD: CVE-2016-5818

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-478

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201610-478

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007629

PATCH
title:PM8ECCurl:http://www.schneider-electric.com/en/product/PM8ECC/ethernet-communication-module---10-100basetx-utp-port
Trust: 0.8
title:Patch for Schneider Electric PowerLogic PM8ECC Security Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/83039
Trust: 0.6
title:Schneider Electric PowerLogic PM8ECC Repair measures for security bypass vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64847
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-10041 // 
            
            
            
            JVNDB: JVNDB-2016-007629 // 
            
            
            
            CNNVD: CNNVD-201610-478

EXTERNAL IDS
db:NVDid:CVE-2016-5818
Trust: 3.4
db:ICS CERTid:ICSA-16-292-01
Trust: 2.8
db:BIDid:93602
Trust: 2.6
db:JVNDBid:JVNDB-2016-007629
Trust: 0.8
db:CNNVDid:CNNVD-201610-478
Trust: 0.7
db:CNVDid:CNVD-2016-10041
Trust: 0.6
db:SEEBUGid:SSVID-91958
Trust: 0.1
db:VULHUBid:VHN-94637
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-10041 // 
            
            
            
            VULHUB: VHN-94637 // 
            
            
            
            BID: 93602 // 
            
            
            
            JVNDB: JVNDB-2016-007629 // 
            
            
            
            CNNVD: CNNVD-201610-478 // 
            
            
            
            NVD: CVE-2016-5818

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-292-01
Trust: 2.8
url:http://www.securityfocus.com/bid/93602
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5818
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5818
Trust: 0.8
url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-10041 // 
            
            
            
            VULHUB: VHN-94637 // 
            
            
            
            BID: 93602 // 
            
            
            
            JVNDB: JVNDB-2016-007629 // 
            
            
            
            CNNVD: CNNVD-201610-478 // 
            
            
            
            NVD: CVE-2016-5818

CREDITS
He Congwen.
Trust: 0.9
sources:
            
            
            BID: 93602 // 
            
            
            
            CNNVD: CNNVD-201610-478

SOURCES
db:CNVDid:CNVD-2016-10041
db:VULHUBid:VHN-94637
db:BIDid:93602
db:JVNDBid:JVNDB-2016-007629
db:CNNVDid:CNNVD-201610-478
db:NVDid:CVE-2016-5818

LAST UPDATE DATE
2024-11-23T22:30:51.308000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-10041date:2016-10-26T00:00:00
db:VULHUBid:VHN-94637date:2017-02-17T00:00:00
db:BIDid:93602date:2016-10-26T02:08:00
db:JVNDBid:JVNDB-2016-007629date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201610-478date:2016-10-19T00:00:00
db:NVDid:CVE-2016-5818date:2024-11-21T02:55:04.053

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-10041date:2016-10-26T00:00:00
db:VULHUBid:VHN-94637date:2017-02-13T00:00:00
db:BIDid:93602date:2016-10-18T00:00:00
db:JVNDBid:JVNDB-2016-007629date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201610-478date:2016-10-19T00:00:00
db:NVDid:CVE-2016-5818date:2017-02-13T21:59:00.533