CVE-2016-5782 - Vulnerability Details - OpenCVE

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Locusenergy	Lgate 100 Lgate 101 Lgate 120 Lgate 320 Lgate 50 Lgate Firmware

Configuration 1 [-]

AND

cpe:2.3:o:locusenergy:lgate_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:locusenergy:lgate_100:-:::::::*
	cpe:2.3:h:locusenergy:lgate_101:-:::::::*
	cpe:2.3:h:locusenergy:lgate_120:-:::::::*
	cpe:2.3:h:locusenergy:lgate_320:-:::::::*
	cpe:2.3:h:locusenergy:lgate_50:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94698
http://www.securityfocus.com/bid/94782
https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T21:00:00

Updated: 2024-08-06T01:15:10.549Z

Reserved: 2016-06-23T00:00:00

Link: CVE-2016-5782

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-02-13T21:59:00.190

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-5782

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Locus Energy LGate through 320", "vendor": "n/a", "versions": [{"status": "affected", "version": "Locus Energy LGate through 320"}]}], "datePublic": "2017-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request."}], "problemTypes": [{"descriptions": [{"description": "Locus Energy LGate Command Injection Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "94782", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94782"}, {"name": "94698", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94698"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-5782", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Locus Energy LGate through 320", "version": {"version_data": [{"version_value": "Locus Energy LGate through 320"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Locus Energy LGate Command Injection Vulnerability"}]}]}, "references": {"reference_data": [{"name": "94782", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94782"}, {"name": "94698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94698"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:15:10.549Z"}, "title": "CVE Program Container", "references": [{"name": "94782", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94782"}, {"name": "94698", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94698"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-5782", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2016-06-23T00:00:00", "dateUpdated": "2024-08-06T01:15:10.549Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:locusenergy:lgate_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA8AE7BB-4AAC-45E2-A194-8D72C4A5DD6D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:locusenergy:lgate_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EB68DEF-2A97-42C8-BA73-43C97BAD2F8A", "vulnerable": false}, {"criteria": "cpe:2.3:h:locusenergy:lgate_101:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DB10815-4C28-4DC1-9525-6B9D5BCC4E60", "vulnerable": false}, {"criteria": "cpe:2.3:h:locusenergy:lgate_120:-:*:*:*:*:*:*:*", "matchCriteriaId": "3059C40F-AF97-4D7E-9470-C6791CF0154C", "vulnerable": false}, {"criteria": "cpe:2.3:h:locusenergy:lgate_320:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2F42CBC-A4F1-4078-8E18-D6EF2238194D", "vulnerable": false}, {"criteria": "cpe:2.3:h:locusenergy:lgate_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "051167FD-3CF8-4D76-955C-C77066D156A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request."}, {"lang": "es", "value": "Ha sido descubierto un problema en Locus Energy LGate en versiones anteriores a 1.05H, LGate 50, LGate 100, LGate 101, LGate 120 y LGate 320. Medidores Locus Energy utilizan secuencias de comandos PHP para gestionar los par\u00e1metros del medidor de energ\u00eda para el control de voltaje y configuraci\u00f3n de red. El c\u00f3digo PHP no valida adecuadamente la informaci\u00f3n que es enviada en la solicitud POST."}], "id": "CVE-2016-5782", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-13T21:59:00.190", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94698"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94782"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94782"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}