ID

VAR-201702-0683


CVE

CVE-2017-5165


TITLE

BINOM3 Electric Power Quality Meter Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 93028 // CNNVD: CNNVD-201609-547

DESCRIPTION

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.

1. Cross-site scripting vulnerability
2. HTML injection vulnerability
3. Security bypass vulnerability
4. Information disclosure vulnerability

Attackers can use these vulnerabilities to execute arbitrary code in the context of the affected application, steal cookie-based authentication, obtain sensitive information, or bypass security restrictions to gain elevated permissions. Multiple information-disclosure vulnerabilities. 5

Trust: 3.78

sources: NVD: CVE-2017-5165 // JVNDB: JVNDB-2017-001593 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01595 // CNNVD: CNNVD-201609-547 // BID: 93028 // IVD: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61 // VULHUB: VHN-113368

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.4

sources: IVD: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01595

AFFECTED PRODUCTS

vendor: algorithm, model: binom3 universal multifunctional electric power quality meter, scope: -, version: -

Trust: 1.6

vendor: binom3, model: universal multifunctional electric power quality meter, scope: eq, version: -

Trust: 1.6

vendor: binom3, model: electric power quality meter, scope: eq, version: 0

Trust: 0.9

vendor: binom3, model: electric power quality meter, scope: -, version: -

Trust: 0.6

vendor: universal multifunctional electric power quality meter, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01595 // BID: 93028 // JVNDB: JVNDB-2017-001593 // CNNVD: CNNVD-201702-242 // NVD: CVE-2017-5165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5165
value: HIGH

Trust: 1.0

NVD: CVE-2017-5165
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-08235
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-01595
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-242
value: MEDIUM

Trust: 0.6

IVD: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61
value: MEDIUM

Trust: 0.2

VULHUB: VHN-113368
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5165
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08235
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2017-01595
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113368
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5165
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.0

Trust: 1.8

sources: IVD: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01595 // VULHUB: VHN-113368 // JVNDB: JVNDB-2017-001593 // CNNVD: CNNVD-201702-242 // NVD: CVE-2017-5165

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-113368 // JVNDB: JVNDB-2017-001593 // NVD: CVE-2017-5165

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-242

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001593

PATCH

title: BINOM3, url: http://www.binom3.ru/index.php?lang=en

Trust: 0.8

sources: JVNDB: JVNDB-2017-001593

EXTERNAL IDS

db: BID, id: 93028

Trust: 3.8

db: NVD, id: CVE-2017-5165

Trust: 3.6

db: ICS CERT, id: ICSA-17-031-01A

Trust: 2.5

db: CNNVD, id: CNNVD-201702-242

Trust: 0.9

db: CNVD, id: CNVD-2017-01595

Trust: 0.8

db: JVNDB, id: JVNDB-2017-001593

Trust: 0.8

db: CNVD, id: CNVD-2016-08235

Trust: 0.6

db: CNNVD, id: CNNVD-201609-547

Trust: 0.6

db: ICS CERT ALERT, id: ICS-ALERT-16-263-01

Trust: 0.3

db: ICS CERT, id: ICSA-17-031-01

Trust: 0.3

db: IVD, id: 26DABF8F-7E93-45F1-B2BA-CFA0A277EC61

Trust: 0.2

db: VULHUB, id: VHN-113368

Trust: 0.1

sources: IVD: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01595 // VULHUB: VHN-113368 // BID: 93028 // JVNDB: JVNDB-2017-001593 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-242 // NVD: CVE-2017-5165

REFERENCES

url:http://www.securityfocus.com/bid/93028

Trust: 3.5

url:https://ics-cert.us-cert.gov/advisories/icsa-17-031-01a

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5165

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5165

Trust: 0.8

url:http://www.binom3.ru/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-031-01

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-263-01

Trust: 0.3

sources: CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01595 // VULHUB: VHN-113368 // BID: 93028 // JVNDB: JVNDB-2017-001593 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-242 // NVD: CVE-2017-5165

CREDITS

Karn Ganeshen

Trust: 1.5

sources: BID: 93028 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-242

SOURCES

db: IVD, id: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61
db: CNVD, id: CNVD-2016-08235
db: CNVD, id: CNVD-2017-01595
db: VULHUB, id: VHN-113368
db: BID, id: 93028
db: JVNDB, id: JVNDB-2017-001593
db: CNNVD, id: CNNVD-201609-547
db: CNNVD, id: CNNVD-201702-242
db: NVD, id: CVE-2017-5165

LAST UPDATE DATE

2025-04-20T23:25:07.005000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-08235, date: 2016-09-28T00:00:00
db: CNVD, id: CNVD-2017-01595, date: 2017-02-20T00:00:00
db: VULHUB, id: VHN-113368, date: 2017-02-16T00:00:00
db: BID, id: 93028, date: 2017-02-02T00:08:00
db: JVNDB, id: JVNDB-2017-001593, date: 2017-03-07T00:00:00
db: CNNVD, id: CNNVD-201609-547, date: 2016-09-22T00:00:00
db: CNNVD, id: CNNVD-201702-242, date: 2017-02-09T00:00:00
db: NVD, id: CVE-2017-5165, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD, id: 26dabf8f-7e93-45f1-b2ba-cfa0a277ec61, date: 2017-02-20T00:00:00
db: CNVD, id: CNVD-2016-08235, date: 2016-09-28T00:00:00
db: CNVD, id: CNVD-2017-01595, date: 2017-02-20T00:00:00
db: VULHUB, id: VHN-113368, date: 2017-02-13T00:00:00
db: BID, id: 93028, date: 2016-09-19T00:00:00
db: JVNDB, id: JVNDB-2017-001593, date: 2017-03-07T00:00:00
db: CNNVD, id: CNNVD-201609-547, date: 2016-09-22T00:00:00
db: CNNVD, id: CNNVD-201702-242, date: 2016-09-19T00:00:00
db: NVD, id: CVE-2017-5165, date: 2017-02-13T21:59:02.957