ID

VAR-201702-0684


CVE

CVE-2017-5166


TITLE

BINOM3 Electric Power Quality Meter Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 93028 // CNNVD: CNNVD-201609-547

DESCRIPTION

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.

1. Cross-site scripting vulnerability
2. HTML injection vulnerability
3. Security bypass vulnerability
4. Information disclosure vulnerability

Attackers can use these vulnerabilities to execute arbitrary code in the context of the affected application, steal cookie-based authentication, obtain sensitive information, or bypass security restrictions to gain elevated permissions.

Multiple information-disclosure vulnerabilities. 5

Trust: 3.78

sources: NVD: CVE-2017-5166 // JVNDB: JVNDB-2017-001594 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01594 // CNNVD: CNNVD-201609-547 // BID: 93028 // IVD: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7 // VULHUB: VHN-113369

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.4

sources: IVD: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01594

AFFECTED PRODUCTS

vendor: algorithm, model: binom3 universal multifunctional electric power quality meter, scope: -, version: -

Trust: 1.6

vendor: binom3, model: universal multifunctional electric power quality meter, scope: eq, version: -

Trust: 1.6

vendor: binom3, model: electric power quality meter, scope: eq, version: 0

Trust: 0.9

vendor: binom3, model: electric power quality meter, scope: -, version: -

Trust: 0.6

vendor: universal multifunctional electric power quality meter, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01594 // BID: 93028 // JVNDB: JVNDB-2017-001594 // CNNVD: CNNVD-201702-243 // NVD: CVE-2017-5166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5166
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5166
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-08235
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-01594
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-243
value: MEDIUM

Trust: 0.6

IVD: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7
value: MEDIUM

Trust: 0.2

VULHUB: VHN-113369
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5166
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08235
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2017-01594
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113369
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5166
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01594 // VULHUB: VHN-113369 // JVNDB: JVNDB-2017-001594 // CNNVD: CNNVD-201702-243 // NVD: CVE-2017-5166

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-113369 // JVNDB: JVNDB-2017-001594 // NVD: CVE-2017-5166

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-243

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001594

PATCH

title: BINOM3, url: http://www.binom3.ru/index.php?lang=en

Trust: 0.8

sources: JVNDB: JVNDB-2017-001594

EXTERNAL IDS

db: BID, id: 93028

Trust: 3.8

db: NVD, id: CVE-2017-5166

Trust: 3.6

db: ICS CERT, id: ICSA-17-031-01A

Trust: 2.5

db: CNNVD, id: CNNVD-201702-243

Trust: 0.9

db: CNVD, id: CNVD-2017-01594

Trust: 0.8

db: JVNDB, id: JVNDB-2017-001594

Trust: 0.8

db: CNVD, id: CNVD-2016-08235

Trust: 0.6

db: CNNVD, id: CNNVD-201609-547

Trust: 0.6

db: ICS CERT ALERT, id: ICS-ALERT-16-263-01

Trust: 0.3

db: ICS CERT, id: ICSA-17-031-01

Trust: 0.3

db: IVD, id: 15863D55-53B2-4E7E-A4D7-9099E7DC5EA7

Trust: 0.2

db: VULHUB, id: VHN-113369

Trust: 0.1

sources: IVD: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7 // CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01594 // VULHUB: VHN-113369 // BID: 93028 // JVNDB: JVNDB-2017-001594 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-243 // NVD: CVE-2017-5166

REFERENCES

url:http://www.securityfocus.com/bid/93028

Trust: 3.5

url:https://ics-cert.us-cert.gov/advisories/icsa-17-031-01a

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5166

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5166

Trust: 0.8

url:http://www.binom3.ru/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-031-01

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-263-01

Trust: 0.3

sources: CNVD: CNVD-2016-08235 // CNVD: CNVD-2017-01594 // VULHUB: VHN-113369 // BID: 93028 // JVNDB: JVNDB-2017-001594 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-243 // NVD: CVE-2017-5166

CREDITS

Karn Ganeshen

Trust: 1.5

sources: BID: 93028 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-243

SOURCES

db: IVD, id: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7
db: CNVD, id: CNVD-2016-08235
db: CNVD, id: CNVD-2017-01594
db: VULHUB, id: VHN-113369
db: BID, id: 93028
db: JVNDB, id: JVNDB-2017-001594
db: CNNVD, id: CNNVD-201609-547
db: CNNVD, id: CNNVD-201702-243
db: NVD, id: CVE-2017-5166

LAST UPDATE DATE

2025-04-20T23:25:07.053000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-08235, date: 2016-09-28T00:00:00
db: CNVD, id: CNVD-2017-01594, date: 2017-02-20T00:00:00
db: VULHUB, id: VHN-113369, date: 2017-02-16T00:00:00
db: BID, id: 93028, date: 2017-02-02T00:08:00
db: JVNDB, id: JVNDB-2017-001594, date: 2017-03-07T00:00:00
db: CNNVD, id: CNNVD-201609-547, date: 2016-09-22T00:00:00
db: CNNVD, id: CNNVD-201702-243, date: 2017-02-09T00:00:00
db: NVD, id: CVE-2017-5166, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD, id: 15863d55-53b2-4e7e-a4d7-9099e7dc5ea7, date: 2017-02-20T00:00:00
db: CNVD, id: CNVD-2016-08235, date: 2016-09-28T00:00:00
db: CNVD, id: CNVD-2017-01594, date: 2017-02-20T00:00:00
db: VULHUB, id: VHN-113369, date: 2017-02-13T00:00:00
db: BID, id: 93028, date: 2016-09-19T00:00:00
db: JVNDB, id: JVNDB-2017-001594, date: 2017-03-07T00:00:00
db: CNNVD, id: CNNVD-201609-547, date: 2016-09-22T00:00:00
db: CNNVD, id: CNNVD-201702-243, date: 2016-09-19T00:00:00
db: NVD, id: CVE-2017-5166, date: 2017-02-13T21:59:02.987