CVE-2016-5782

EPSS 0.88%
Veröffentlicht 13.02.2017 21:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Locusenergy ≫ Lgate Firmware Version-

   Locusenergy ≫ Lgate 100 Version-
   Locusenergy ≫ Lgate 101 Version-
   Locusenergy ≫ Lgate 120 Version-
   Locusenergy ≫ Lgate 320 Version-
   Locusenergy ≫ Lgate 50 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.88%	0.731

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/94698

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/94782

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-5782

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5782

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5782

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-5782