Lucene search

K

ION8650 Security Vulnerabilities

cve
cve

CVE-2023-5984

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the...

7.2CVSS

5.2AI Score

0.0005EPSS

2023-11-15 04:15 AM
17
cve
cve

CVE-2023-5985

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system...

4.8CVSS

5.1AI Score

0.0004EPSS

2023-11-15 04:15 AM
10
cve
cve

CVE-2022-46680

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network...

9.8CVSS

9.2AI Score

0.001EPSS

2023-05-22 02:15 PM
25
cve
cve

CVE-2021-22713

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to...

7.5CVSS

7.5AI Score

0.001EPSS

2021-03-11 09:15 PM
33
3
cve
cve

CVE-2021-22702

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor....

7.5CVSS

7.2AI Score

0.001EPSS

2021-02-19 04:15 PM
24
3
cve
cve

CVE-2021-22703

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts...

7.5CVSS

7.3AI Score

0.001EPSS

2021-02-19 04:15 PM
29
3
cve
cve

CVE-2021-22701

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web...

4.5CVSS

4.7AI Score

0.0004EPSS

2021-02-19 04:15 PM
30
5
cve
cve

CVE-2016-5815

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make...

9.8CVSS

9.4AI Score

0.002EPSS

2017-02-13 09:59 PM
30
cve
cve

CVE-2016-5809

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can....

8.8CVSS

8.4AI Score

0.002EPSS

2017-02-13 09:59 PM
41