Schneider-Electric: >> Ion8800 Security Vulnerabilities
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow
modified firmware to be uploaded when an authorized admin user begins a firmware update
procedure which could result in full control over the device.
CVSS Score
7.2
EPSS Score
0.0
Published
2023-11-15
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability
exists that could cause compromise of a user’s browser when an attacker with admin privileges
has modified system values.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-11-15
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-02-13
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.
CVSS Score
9.8
EPSS Score
0.012
Published
2017-02-13