Details of VAR-201702-0682

ID

VAR-201702-0682

CVE

CVE-2017-5164

TITLE

BINOM3 Electric Power Quality Meter Cross-Site Scripting Vulnerability

Trust: 1.4

sources: IVD: 21d3ca58-ccc1-4754-a628-d6d8eaccf73b // CNVD: CNVD-2017-01597 // CNNVD: CNNVD-201702-240

DESCRIPTION

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). Cross-site scripting vulnerability 2. HTML injection vulnerability 3. Security bypass vulnerability 4. Information disclosure vulnerability. Attackers can use these vulnerabilities to execute arbitrary code in the context of the affected application, steal cookie-based authentication, obtain sensitive information, or bypass security restrictions to gain elevated permissions. Multiple information-disclosure vulnerabilities. 5

Trust: 4.05

sources: NVD: CVE-2017-5164 // JVNDB: JVNDB-2017-001592 // CNVD: CNVD-2017-01597 // CNVD: CNVD-2016-08235 // CNNVD: CNNVD-201609-547 // BID: 93028 // IVD: 21d3ca58-ccc1-4754-a628-d6d8eaccf73b // IVD: b757907c-a216-4393-9188-8cb0f2f8c54c // VULHUB: VHN-113367 // VULMON: CVE-2017-5164

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: 21d3ca58-ccc1-4754-a628-d6d8eaccf73b // IVD: b757907c-a216-4393-9188-8cb0f2f8c54c // CNVD: CNVD-2017-01597 // CNVD: CNVD-2016-08235

AFFECTED PRODUCTS

vendor:	algorithm	model:	binom3 universal multifunctional electric power quality meter	scope:	-	version:	-	Trust: 1.6
vendor:	binom3	model:	universal multifunctional electric power quality meter	scope:	eq	version:	-	Trust: 1.6
vendor:	binom3	model:	electric power quality meter	scope:	eq	version:	0	Trust: 0.9
vendor:	binom3	model:	electric power quality meter	scope:	-	version:	-	Trust: 0.6
vendor:	universal multifunctional electric power quality meter	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	binom3	model:	electric power quality meter	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 21d3ca58-ccc1-4754-a628-d6d8eaccf73b // IVD: b757907c-a216-4393-9188-8cb0f2f8c54c // CNVD: CNVD-2017-01597 // CNVD: CNVD-2016-08235 // BID: 93028 // JVNDB: JVNDB-2017-001592 // CNNVD: CNNVD-201702-240 // NVD: CVE-2017-5164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5164
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-5164
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-01597
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2016-08235
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201702-240
value:	MEDIUM
Trust: 0.6
IVD:	21d3ca58-ccc1-4754-a628-d6d8eaccf73b
value:	MEDIUM
Trust: 0.2
IVD:	b757907c-a216-4393-9188-8cb0f2f8c54c
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-113367
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-5164
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-5164
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-01597
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2016-08235
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	21d3ca58-ccc1-4754-a628-d6d8eaccf73b
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	b757907c-a216-4393-9188-8cb0f2f8c54c
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-113367
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5164
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: IVD: 21d3ca58-ccc1-4754-a628-d6d8eaccf73b // IVD: b757907c-a216-4393-9188-8cb0f2f8c54c // CNVD: CNVD-2017-01597 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113367 // VULMON: CVE-2017-5164 // JVNDB: JVNDB-2017-001592 // CNNVD: CNNVD-201702-240 // NVD: CVE-2017-5164

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-113367 // JVNDB: JVNDB-2017-001592 // NVD: CVE-2017-5164

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-240

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001592

PATCH

title:

BINOM3

url:

http://www.binom3.ru/index.php?lang=en

Trust: 0.8

sources: JVNDB: JVNDB-2017-001592

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5164	Trust: 3.9
db:	BID	id:	93028	Trust: 3.9
db:	ICS CERT	id:	ICSA-17-031-01A	Trust: 2.6
db:	CNNVD	id:	CNNVD-201702-240	Trust: 1.1
db:	CNVD	id:	CNVD-2017-01597	Trust: 0.8
db:	CNVD	id:	CNVD-2016-08235	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-001592	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-547	Trust: 0.6
db:	ICS CERT ALERT	id:	ICS-ALERT-16-263-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-17-031-01	Trust: 0.3
db:	IVD	id:	21D3CA58-CCC1-4754-A628-D6D8EACCF73B	Trust: 0.2
db:	IVD	id:	B757907C-A216-4393-9188-8CB0F2F8C54C	Trust: 0.2
db:	VULHUB	id:	VHN-113367	Trust: 0.1
db:	VULMON	id:	CVE-2017-5164	Trust: 0.1

sources: IVD: 21d3ca58-ccc1-4754-a628-d6d8eaccf73b // IVD: b757907c-a216-4393-9188-8cb0f2f8c54c // CNVD: CNVD-2017-01597 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113367 // VULMON: CVE-2017-5164 // BID: 93028 // JVNDB: JVNDB-2017-001592 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-240 // NVD: CVE-2017-5164

REFERENCES

url:	http://www.securityfocus.com/bid/93028	Trust: 3.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-031-01a	Trust: 2.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5164	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5164	Trust: 0.8
url:	http://www.binom3.ru/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-031-01	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-16-263-01	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-01597 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113367 // VULMON: CVE-2017-5164 // BID: 93028 // JVNDB: JVNDB-2017-001592 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-240 // NVD: CVE-2017-5164

CREDITS

Karn Ganeshen

Trust: 1.5

sources: BID: 93028 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-240

SOURCES

db:	IVD	id:	21d3ca58-ccc1-4754-a628-d6d8eaccf73b
db:	IVD	id:	b757907c-a216-4393-9188-8cb0f2f8c54c
db:	CNVD	id:	CNVD-2017-01597
db:	CNVD	id:	CNVD-2016-08235
db:	VULHUB	id:	VHN-113367
db:	VULMON	id:	CVE-2017-5164
db:	BID	id:	93028
db:	JVNDB	id:	JVNDB-2017-001592
db:	CNNVD	id:	CNNVD-201609-547
db:	CNNVD	id:	CNNVD-201702-240
db:	NVD	id:	CVE-2017-5164

LAST UPDATE DATE

2025-04-20T23:25:07.152000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01597	date:	2017-02-20T00:00:00
db:	CNVD	id:	CNVD-2016-08235	date:	2016-09-28T00:00:00
db:	VULHUB	id:	VHN-113367	date:	2017-02-16T00:00:00
db:	VULMON	id:	CVE-2017-5164	date:	2017-02-16T00:00:00
db:	BID	id:	93028	date:	2017-02-02T00:08:00
db:	JVNDB	id:	JVNDB-2017-001592	date:	2017-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201609-547	date:	2016-09-22T00:00:00
db:	CNNVD	id:	CNNVD-201702-240	date:	2017-02-09T00:00:00
db:	NVD	id:	CVE-2017-5164	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	21d3ca58-ccc1-4754-a628-d6d8eaccf73b	date:	2017-02-20T00:00:00
db:	IVD	id:	b757907c-a216-4393-9188-8cb0f2f8c54c	date:	2016-09-28T00:00:00
db:	CNVD	id:	CNVD-2017-01597	date:	2017-02-20T00:00:00
db:	CNVD	id:	CNVD-2016-08235	date:	2016-09-28T00:00:00
db:	VULHUB	id:	VHN-113367	date:	2017-02-13T00:00:00
db:	VULMON	id:	CVE-2017-5164	date:	2017-02-13T00:00:00
db:	BID	id:	93028	date:	2016-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-001592	date:	2017-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201609-547	date:	2016-09-22T00:00:00
db:	CNNVD	id:	CNNVD-201702-240	date:	2016-09-19T00:00:00
db:	NVD	id:	CVE-2017-5164	date:	2017-02-13T21:59:02.923