CVE-2016-5782 Information

Description

An issue was discovered in Locus Energy LGate prior to 1.05H LGate 50 LGate 100 LGate 101 LGate 120 and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Reference

http://www.securityfocus.com/bid/94698 http://www.securityfocus.com/bid/94782 https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

LOW

Base Severity

8.6