CVE-2016-5815

9.8 CRITICAL

📋 TL;DR

Schneider Electric ION and PM5XXX series power meters have no authentication configured by default, allowing unauthorized users to access the device management portal and make configuration changes. This affects ION73XX, ION75XX, ION76XX, ION8650, ION8800, and PM5XXX series devices.

💻 Affected Systems

Products:
  • ION73XX series
  • ION75XX series
  • ION76XX series
  • ION8650 series
  • ION8800 series
  • PM5XXX series
Versions: All versions with default configuration
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with factory default settings are vulnerable. Custom configurations with authentication enabled are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could reconfigure power meters to cause physical damage, disrupt critical infrastructure operations, or manipulate energy monitoring data for financial gain.

🟠 Likely Case

Unauthorized configuration changes leading to service disruption, inaccurate energy monitoring, or unauthorized access to connected systems.

🟢 If Mitigated

Limited impact with proper network segmentation and authentication controls in place.

🌐 Internet-Facing: HIGH - Devices exposed to the internet are trivially exploitable because no authentication is required.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can easily exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to the device management interface, since the default configuration enforces no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates available per vendor advisory

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03

Restart Required: Yes

Instructions:

1. Download the firmware update from the Schneider Electric portal.
2. Back up the current configuration.
3. Apply the firmware update via the device management interface.
4. Configure authentication settings.
5. Restart the device.

🔧 Temporary Workarounds

Configure Authentication

Applies to: all

Enable authentication on the device management portal with strong credentials.

Network Segmentation

Applies to: all

Isolate power meters in a separate VLAN with strict firewall rules.

🧯 If You Can't Patch

  • Implement strict network access controls to limit device management interface access
  • Enable logging and monitoring for unauthorized configuration changes

🔍 How to Verify

Check if Vulnerable:

Attempt to access the device management web interface without credentials. If access is granted, the device is vulnerable.

Check Version:

Check the firmware version via the device management interface or the serial console.

Verify Fix Applied:

Verify that authentication is required to access the management interface and that the firmware version matches the patched version.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to management interface
  • Configuration changes from unexpected IP addresses

Network Indicators:

  • HTTP requests to the device management port without authentication headers
  • Unusual configuration-traffic patterns to the meters

SIEM Query:

source_ip NOT IN (authorized_admin_ips) AND dest_port=80 AND uri_path CONTAINS "/admin"
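An added example (not from the advisory or from Schneider Electric) of the log check the indicators above describe, in Python: it parses constructed access-log lines for a meter's management interface and flags requests from IPs outside an assumed admin allow list, successful management access with no authentication, and configuration changes (POST) from unexpected sources. The log line format, the allow list, and the `/admin` path are assumptions; adjust them to the logs your proxy or firewall actually produces.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample log lines (hypothetical format: client_ip, method,
# path, HTTP status, and whether an Authorization header was present).
SAMPLE_LOG = """\
10.20.30.5 GET /admin/config 200 auth=yes
10.20.30.5 POST /admin/config 200 auth=yes
192.168.77.14 GET /admin 200 auth=no
192.168.77.14 POST /admin/setup 200 auth=no
10.20.30.9 GET /index.html 200 auth=no
"""

# Assumed allow list of administrator workstations (constructed value).
AUTHORIZED_ADMIN_NETS = [ip_network("10.20.30.0/24")]

# Assumed URI prefixes that reach the management interface.
MGMT_PATHS = ("/admin",)

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) auth=(?P<auth>yes|no)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["auth"] = rec["auth"] == "yes"
    return rec


def is_authorized_ip(ip):
    """True if the client IP falls inside one of the admin allow-list networks."""
    addr = ip_address(ip)
    return any(addr in net for net in AUTHORIZED_ADMIN_NETS)


def find_suspicious(log_text):
    """Return (ip, method, path, reasons) for management-interface requests that
    came from outside the allow list, succeeded with no authentication (the
    default-configuration condition), or changed configuration from an
    unexpected source."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(MGMT_PATHS):
            continue
        reasons = []
        if not is_authorized_ip(rec["ip"]):
            reasons.append("unauthorized_source_ip")
        if rec["status"] == 200 and not rec["auth"]:
            reasons.append("mgmt_access_without_auth")
        if rec["method"] == "POST" and not is_authorized_ip(rec["ip"]):
            reasons.append("config_change_from_unexpected_ip")
        if reasons:
            alerts.append((rec["ip"], rec["method"], rec["path"], reasons))
    return alerts
```

A request that reaches `/admin` with a 200 response and no Authorization header is the direct log signature of the default-configuration issue, so that reason alone should page someone even when the source IP is on the allow list.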
