ID

VAR-201702-0680


CVE

CVE-2017-5162


TITLE

BINOM3 Electric Power Quality Meter Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 93028 // CNNVD: CNNVD-201609-547

DESCRIPTION

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.

1. Cross-site scripting vulnerability
2. HTML injection vulnerability
3. Security bypass vulnerability
4. Information disclosure vulnerability

Attackers can use these vulnerabilities to execute arbitrary code in the context of the affected application, steal cookie-based authentication, obtain sensitive information, or bypass security restrictions to gain elevated permissions. Multiple information-disclosure vulnerabilities. 5

Trust: 3.78

sources: NVD: CVE-2017-5162 // JVNDB: JVNDB-2017-001591 // CNVD: CNVD-2017-01596 // CNVD: CNVD-2016-08235 // CNNVD: CNNVD-201609-547 // BID: 93028 // IVD: 23e8b2f2-c868-4492-8352-8f408b870e01 // VULHUB: VHN-113365

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.4

sources: IVD: 23e8b2f2-c868-4492-8352-8f408b870e01 // CNVD: CNVD-2017-01596 // CNVD: CNVD-2016-08235

AFFECTED PRODUCTS

vendor: algorithm, model: binom3 universal multifunctional electric power quality meter, scope: -, version: -

Trust: 1.6

vendor: binom3, model: universal multifunctional electric power quality meter, scope: eq, version: -

Trust: 1.6

vendor: binom3, model: electric power quality meter, scope: eq, version: 0

Trust: 0.9

vendor: binom3, model: electric power quality meter, scope: -, version: -

Trust: 0.6

vendor: universal multifunctional electric power quality meter, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 23e8b2f2-c868-4492-8352-8f408b870e01 // CNVD: CNVD-2017-01596 // CNVD: CNVD-2016-08235 // BID: 93028 // JVNDB: JVNDB-2017-001591 // CNNVD: CNNVD-201702-241 // NVD: CVE-2017-5162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5162
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5162
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-01596
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-08235
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-241
value: CRITICAL

Trust: 0.6

IVD: 23e8b2f2-c868-4492-8352-8f408b870e01
value: CRITICAL

Trust: 0.2

VULHUB: VHN-113365
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5162
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-01596
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2016-08235
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 23e8b2f2-c868-4492-8352-8f408b870e01
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113365
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5162
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 23e8b2f2-c868-4492-8352-8f408b870e01 // CNVD: CNVD-2017-01596 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113365 // JVNDB: JVNDB-2017-001591 // CNNVD: CNNVD-201702-241 // NVD: CVE-2017-5162

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-113365 // JVNDB: JVNDB-2017-001591 // NVD: CVE-2017-5162

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-241

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001591

PATCH

title: BINOM3, url: http://www.binom3.ru/index.php?lang=en

Trust: 0.8

sources: JVNDB: JVNDB-2017-001591

EXTERNAL IDS

db: BID, id: 93028

Trust: 3.8

db: NVD, id: CVE-2017-5162

Trust: 3.6

db: ICS CERT, id: ICSA-17-031-01A

Trust: 2.5

db: CNNVD, id: CNNVD-201702-241

Trust: 0.9

db: CNVD, id: CNVD-2017-01596

Trust: 0.8

db: JVNDB, id: JVNDB-2017-001591

Trust: 0.8

db: CNVD, id: CNVD-2016-08235

Trust: 0.6

db: CNNVD, id: CNNVD-201609-547

Trust: 0.6

db: ICS CERT ALERT, id: ICS-ALERT-16-263-01

Trust: 0.3

db: ICS CERT, id: ICSA-17-031-01

Trust: 0.3

db: IVD, id: 23E8B2F2-C868-4492-8352-8F408B870E01

Trust: 0.2

db: VULHUB, id: VHN-113365

Trust: 0.1

sources: IVD: 23e8b2f2-c868-4492-8352-8f408b870e01 // CNVD: CNVD-2017-01596 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113365 // BID: 93028 // JVNDB: JVNDB-2017-001591 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-241 // NVD: CVE-2017-5162

REFERENCES

url:http://www.securityfocus.com/bid/93028

Trust: 3.5

url:https://ics-cert.us-cert.gov/advisories/icsa-17-031-01a

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5162

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5162

Trust: 0.8

url:http://www.binom3.ru/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-031-01

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-263-01

Trust: 0.3

sources: CNVD: CNVD-2017-01596 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113365 // BID: 93028 // JVNDB: JVNDB-2017-001591 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-241 // NVD: CVE-2017-5162

CREDITS

Karn Ganeshen

Trust: 1.5

sources: BID: 93028 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-241

SOURCES

db: IVD, id: 23e8b2f2-c868-4492-8352-8f408b870e01
db: CNVD, id: CNVD-2017-01596
db: CNVD, id: CNVD-2016-08235
db: VULHUB, id: VHN-113365
db: BID, id: 93028
db: JVNDB, id: JVNDB-2017-001591
db: CNNVD, id: CNNVD-201609-547
db: CNNVD, id: CNNVD-201702-241
db: NVD, id: CVE-2017-5162

LAST UPDATE DATE

2025-04-20T23:25:07.208000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-01596, date: 2017-02-20T00:00:00
db: CNVD, id: CNVD-2016-08235, date: 2016-09-28T00:00:00
db: VULHUB, id: VHN-113365, date: 2017-02-16T00:00:00
db: BID, id: 93028, date: 2017-02-02T00:08:00
db: JVNDB, id: JVNDB-2017-001591, date: 2017-03-07T00:00:00
db: CNNVD, id: CNNVD-201609-547, date: 2016-09-22T00:00:00
db: CNNVD, id: CNNVD-201702-241, date: 2017-02-09T00:00:00
db: NVD, id: CVE-2017-5162, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD, id: 23e8b2f2-c868-4492-8352-8f408b870e01, date: 2017-02-20T00:00:00
db: CNVD, id: CNVD-2017-01596, date: 2017-02-20T00:00:00
db: CNVD, id: CNVD-2016-08235, date: 2016-09-28T00:00:00
db: VULHUB, id: VHN-113365, date: 2017-02-13T00:00:00
db: BID, id: 93028, date: 2016-09-19T00:00:00
db: JVNDB, id: JVNDB-2017-001591, date: 2017-03-07T00:00:00
db: CNNVD, id: CNNVD-201609-547, date: 2016-09-22T00:00:00
db: CNNVD, id: CNNVD-201702-241, date: 2016-09-19T00:00:00
db: NVD, id: CVE-2017-5162, date: 2017-02-13T21:59:02.860