High severity8.8NVD Advisory· Published Feb 13, 2017· Updated May 13, 2026

CVE-2016-5809

Description

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.

Affected products

N/a/Schneider Electric Ionxxxx Seriesv5
Range: Schneider Electric IONXXXX Series
Schneider Electric/Ion5000
cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*
Schneider Electric/Ion7300
cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*
Schneider Electric/Ion7500
cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*
Schneider Electric/Ion7600
cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*
Schneider Electric/Ion8650
cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*
Schneider Electric/Ion8800
cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/92916nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-16-308-03nvdThird Party AdvisoryUS Government Resource
www.exploit-db.com/exploits/44640/nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000