PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-5809 Schneider Electric CVE debrief

CVE-2016-5809 is a cross-site request forgery weakness in several Schneider Electric ION power meter families. According to the NVD record and the ICS-CERT advisory reference, the affected devices do not generate a CSRF token to authenticate the user during a session, so an attacker who induces an authenticated management user to submit a crafted request can cause unauthorized configuration changes that are then saved. NVD rates the issue HIGH with CVSS 8.8.

Vendor: Schneider Electric
Product: CVE-2016-5809
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Operators, engineers, and defenders responsible for Schneider Electric ION meter deployments, especially ION73XX, ION75XX, ION76XX, ION8650, ION8800, PM5XXX, and related ION5XXX/ION5000-class devices exposed through management interfaces.

Technical summary

The vulnerability is classified as CWE-352 (CSRF). The NVD vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a network-reachable issue that requires no prior privileges (PR:N) but depends on user interaction (UI:R). The root problem is the absence of a CSRF token in session-based authentication: the session cookie that the browser attaches automatically is the only thing the device checks, so a crafted request submitted by another site can be accepted as legitimate and alter device configuration state.
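The following is an added, self-contained Python illustration of the weakness class and its standard mitigation; it is not code from the affected devices or from Schneider Electric, and the session store, the `Request` class, the `TRUSTED_ORIGIN` value and the `demand_interval_min` setting are all constructed for the example. It contrasts a configuration endpoint that trusts the session cookie alone (the CWE-352 pattern described above) with one that also requires a per-session synchronizer token and a matching Origin/Referer, then runs one legitimate and one cross-site request through each.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed in-memory session store (hypothetical; a real device would keep
# this inside its embedded web server). session id -> user, config, CSRF token.
SESSIONS: dict = {}

TRUSTED_ORIGIN = "https://meter.example"  # hypothetical management UI origin


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the handler sees it."""
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def login(user: str) -> str:
    """Create a session and mint a per-session synchronizer token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {
        "user": user,
        "config": {"demand_interval_min": 15},
        "csrf": secrets.token_urlsafe(32),
    }
    return sid


def csrf_token_for(sid: str) -> str:
    """The value the legitimate management page embeds in its config form."""
    return SESSIONS[sid]["csrf"]


def request_origin(req: Request) -> str:
    """Origin header if present, otherwise the origin part of the Referer."""
    origin = req.headers.get("Origin")
    if origin:
        return origin
    parts = urlsplit(req.headers.get("Referer", ""))
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""


def vulnerable_update_config(req: Request) -> int:
    """CWE-352 pattern: a valid session cookie is the only check, so any POST the
    browser sends with that cookie attached is applied to the configuration."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 401
    sess["config"].update(req.form)
    return 200


def hardened_update_config(req: Request) -> int:
    """Same endpoint with two independent CSRF defences: the request origin must
    match the management UI, and the form must carry the session's token,
    compared in constant time."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 401
    if request_origin(req) != TRUSTED_ORIGIN:
        return 403
    token = str(req.form.get("csrf_token", ""))
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403
    sess["config"].update({k: v for k, v in req.form.items() if k != "csrf_token"})
    return 200


def simulate() -> dict:
    """Run a legitimate and a cross-site request through both handlers and report
    the status codes plus the demand interval each session ends up with."""
    results = {}
    for name, handler in (("vulnerable", vulnerable_update_config),
                          ("hardened", hardened_update_config)):
        sid = login("admin")
        cookies = {"session": sid}  # the browser attaches this automatically
        # Legitimate change submitted from the device's own management page.
        legit = Request("POST", cookies,
                        {"demand_interval_min": 5, "csrf_token": csrf_token_for(sid)},
                        {"Origin": TRUSTED_ORIGIN})
        # Constructed cross-site request: the cookie rides along, but the page that
        # submitted it cannot read the token and has a different origin.
        forged = Request("POST", cookies, {"demand_interval_min": 60},
                         {"Origin": "https://other.example"})
        results[name] = {
            "legit": handler(legit),
            "forged": handler(forged),
            "final_interval": SESSIONS[sid]["config"]["demand_interval_min"],
        }
    return results


if __name__ == "__main__":
    for name, r in simulate().items():
        print(f"{name:10s} legit={r['legit']} forged={r['forged']} "
              f"final demand interval={r['final_interval']}")
```

Running it shows the vulnerable handler accepting both requests and ending at the forged interval of 60, while the hardened handler applies the legitimate change (5) and rejects the cross-site one with 403. The two checks are deliberately independent: the origin check also catches a request that somehow obtained a token, and the token check also catches a request from a client that omits or spoofs the Origin header.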

Defensive priority

High. The issue can impact device configuration integrity on operational power-management equipment, and the published CVSS score reflects high potential impact if a management user is induced to interact with a malicious request.

Recommended defensive actions

  • Review Schneider Electric and ICS-CERT guidance for CVE-2016-5809 and apply any vendor-provided remediation or compensating controls.
  • Restrict access to device management interfaces to trusted administrative networks only.
  • Use network segmentation and strong access controls around power meter administration.
  • Monitor for unexpected configuration changes on affected devices and review administrative activity.
  • Where possible, reduce reliance on browser-based management workflows that can be abused through CSRF.
  • Track the official CVE and NVD records for any updated remediation notes.

Evidence notes

The supplied NVD record identifies affected CPEs including Schneider Electric ION5000, ION7300, ION7500, ION7600, ION8650, and ION8800, and lists CWE-352 with a high-severity CVSS 3.0 vector. The record references ICS-CERT advisory ICSA-16-308-03 and a SecurityFocus BID entry as third-party advisories. An Exploit-DB reference is present in the source corpus, but this debrief does not rely on it for operational guidance.

Official resources

The record's published timestamp in the source corpus is 2017-02-13T21:59:00.407Z. It was later modified on 2026-05-13T00:24:29.033Z; that modified date reflects record maintenance, not the original issue date.