PT-2017-8771 · Locus Energy+1 · Locus Energy Lgate+1

Daniel Reich · Published: 2017-02-13 · Updated: 2017-03-14 · CVE-2016-5782

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Locus Energy LGate versions prior to 1.05H
Locus Energy LGate 50
Locus Energy LGate 100
Locus Energy LGate 101
Locus Energy LGate 120
Locus Energy LGate 320

Description
An issue was discovered in the PHP script used by Locus Energy meters to manage energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information sent in the POST request.

Recommendations
For Locus Energy LGate versions prior to 1.05H, update to version 1.05H or later.
For Locus Energy LGate 50, consider disabling the vulnerable PHP script until a patch is available.
For Locus Energy LGate 100, restrict access to the PHP script to minimize the risk of exploitation.
For Locus Energy LGate 101, avoid using the vulnerable PHP script for voltage monitoring and network configuration until the issue is resolved.
For Locus Energy LGate 120, apply configuration changes to properly validate information sent in the POST request.
For Locus Energy LGate 320, consider temporarily disabling the PHP script used for managing energy meter parameters until a fix is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2016-5782

Affected Products

Locus Energy Lgate
Php