PatchSiren cyber security CVE debrief

CVE-2016-5811 Visonic CVE debrief

CVE-2016-5811 is a cross-site scripting issue in Visonic PowerLink2 firmware. According to the NVD description, user-controlled input is not neutralized before being placed in web page output, affecting all versions prior to the October 2016 firmware release. The published CVSS v3.1 score is 6.1 (medium), with network attack vector, no privileges required, and user interaction required.

Vendor: Visonic
Product: CVE-2016-5811
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Organizations that operate or manage Visonic PowerLink2 firmware, especially if the device’s web interface is reachable by administrators or other users. Security teams responsible for embedded/IoT devices, remote management portals, and internal web interfaces should also review exposure because the attack requires a user to view a crafted page or response.

Technical summary

NVD maps the issue to CWE-79 (Cross-Site Scripting) and lists the affected scope as Visonic PowerLink2 firmware, not the hardware CPE itself. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates a remotely reachable web issue that depends on user interaction and can impact confidentiality and integrity at a limited level. The issue is described as fixed in the October 2016 firmware release boundary, so earlier firmware should be treated as vulnerable.

Defensive priority

Medium. This is not a KNS/KEV-listed issue in the supplied corpus, but it is a remotely reachable web XSS flaw with no authentication requirement and browser-mediated impact, so exposed systems should be prioritized for firmware review and update.

Recommended defensive actions

Inventory all Visonic PowerLink2 deployments and confirm the installed firmware version.
Upgrade to the October 2016 firmware release or a later vendor-provided version, if any is available for the device.
Restrict access to the device web interface to trusted administrative networks until patched.
Review any custom pages, integrations, or management workflows that pass user input into web output and ensure output encoding is enforced.
Monitor for suspicious requests or inputs that could indicate attempts to inject script into the management interface.

Evidence notes

The debrief is based only on the supplied NVD/CVE corpus and linked official resources. NVD records the vulnerability as CVE-2016-5811 with publishedAt 2017-02-13T21:59:00.440Z and modifiedAt 2026-05-13T00:24:29.033Z; the 2026 modification date is a record update, not the vulnerability issue date. The reference set includes the CVE record, NVD detail page, and ICS-CERT advisory ICSA-16-348-01. The supplied source item states the affected firmware versions are those prior to the October 2016 firmware release.

Official resources

CVE-2016-5811 CVE record
CVE.org
CVE-2016-5811 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource

Publicly disclosed in the CVE/NVD record on 2017-02-13, with related ICS-CERT advisory and SecurityFocus references listed in NVD. The supplied corpus indicates the vulnerable firmware boundary is prior to the October 2016 release.