Details of VAR-201702-0685

ID

VAR-201702-0685

CVE

CVE-2017-5167

TITLE

BINOM3 Electric Power Quality Meter Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 93028 // CNNVD: CNNVD-201609-547

DESCRIPTION

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. Cross-site scripting vulnerability 2. HTML injection vulnerability 3. Security bypass vulnerability 4. Information disclosure vulnerability. Attackers can use these vulnerabilities to execute arbitrary code in the context of the affected application, steal cookie-based authentication, obtain sensitive information, or bypass security restrictions to gain elevated permissions. Multiple information-disclosure vulnerabilities. 5. An attacker could exploit this vulnerability to gain access to the device

Trust: 3.78

sources: NVD: CVE-2017-5167 // JVNDB: JVNDB-2017-001595 // CNVD: CNVD-2017-01593 // CNVD: CNVD-2016-08235 // CNNVD: CNNVD-201609-547 // BID: 93028 // IVD: 28290389-d149-499c-8f7f-fa89e4e385ff // VULHUB: VHN-113370

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.4

sources: IVD: 28290389-d149-499c-8f7f-fa89e4e385ff // CNVD: CNVD-2017-01593 // CNVD: CNVD-2016-08235

AFFECTED PRODUCTS

vendor:	algorithm	model:	binom3 universal multifunctional electric power quality meter	scope:	-	version:	-	Trust: 1.6
vendor:	binom3	model:	universal multifunctional electric power quality meter	scope:	eq	version:	-	Trust: 1.6
vendor:	binom3	model:	electric power quality meter	scope:	-	version:	-	Trust: 1.2
vendor:	binom3	model:	electric power quality meter	scope:	eq	version:	0	Trust: 0.9
vendor:	universal multifunctional electric power quality meter	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 28290389-d149-499c-8f7f-fa89e4e385ff // CNVD: CNVD-2017-01593 // CNVD: CNVD-2016-08235 // BID: 93028 // JVNDB: JVNDB-2017-001595 // CNNVD: CNNVD-201702-244 // NVD: CVE-2017-5167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5167
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5167
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-01593
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2016-08235
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201702-244
value:	HIGH
Trust: 0.6
IVD:	28290389-d149-499c-8f7f-fa89e4e385ff
value:	HIGH
Trust: 0.2
VULHUB:	VHN-113370
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-5167
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-01593
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2016-08235
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	28290389-d149-499c-8f7f-fa89e4e385ff
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-113370
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5167
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	4.7
version:	3.0
Trust: 1.0
NVD:	CVE-2017-5167
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 28290389-d149-499c-8f7f-fa89e4e385ff // CNVD: CNVD-2017-01593 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113370 // JVNDB: JVNDB-2017-001595 // CNNVD: CNNVD-201702-244 // NVD: CVE-2017-5167

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-113370 // JVNDB: JVNDB-2017-001595 // NVD: CVE-2017-5167

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-244

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001595

PATCH

title:

BINOM3

url:

http://www.binom3.ru/index.php?lang=en

Trust: 0.8

sources: JVNDB: JVNDB-2017-001595

EXTERNAL IDS

db:	BID	id:	93028	Trust: 3.8
db:	NVD	id:	CVE-2017-5167	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-031-01A	Trust: 2.5
db:	CNNVD	id:	CNNVD-201702-244	Trust: 0.9
db:	CNVD	id:	CNVD-2017-01593	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-001595	Trust: 0.8
db:	CNVD	id:	CNVD-2016-08235	Trust: 0.6
db:	CNNVD	id:	CNNVD-201609-547	Trust: 0.6
db:	ICS CERT ALERT	id:	ICS-ALERT-16-263-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-17-031-01	Trust: 0.3
db:	IVD	id:	28290389-D149-499C-8F7F-FA89E4E385FF	Trust: 0.2
db:	VULHUB	id:	VHN-113370	Trust: 0.1

sources: IVD: 28290389-d149-499c-8f7f-fa89e4e385ff // CNVD: CNVD-2017-01593 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113370 // BID: 93028 // JVNDB: JVNDB-2017-001595 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-244 // NVD: CVE-2017-5167

REFERENCES

url:	http://www.securityfocus.com/bid/93028	Trust: 3.5
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-031-01a	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5167	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5167	Trust: 0.8
url:	http://www.binom3.ru/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-031-01	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-16-263-01	Trust: 0.3

sources: CNVD: CNVD-2017-01593 // CNVD: CNVD-2016-08235 // VULHUB: VHN-113370 // BID: 93028 // JVNDB: JVNDB-2017-001595 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-244 // NVD: CVE-2017-5167

CREDITS

Karn Ganeshen

Trust: 1.5

sources: BID: 93028 // CNNVD: CNNVD-201609-547 // CNNVD: CNNVD-201702-244

SOURCES

db:	IVD	id:	28290389-d149-499c-8f7f-fa89e4e385ff
db:	CNVD	id:	CNVD-2017-01593
db:	CNVD	id:	CNVD-2016-08235
db:	VULHUB	id:	VHN-113370
db:	BID	id:	93028
db:	JVNDB	id:	JVNDB-2017-001595
db:	CNNVD	id:	CNNVD-201609-547
db:	CNNVD	id:	CNNVD-201702-244
db:	NVD	id:	CVE-2017-5167

LAST UPDATE DATE

2025-04-20T23:25:07.103000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01593	date:	2017-02-20T00:00:00
db:	CNVD	id:	CNVD-2016-08235	date:	2016-09-28T00:00:00
db:	VULHUB	id:	VHN-113370	date:	2017-06-28T00:00:00
db:	BID	id:	93028	date:	2017-02-02T00:08:00
db:	JVNDB	id:	JVNDB-2017-001595	date:	2017-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201609-547	date:	2016-09-22T00:00:00
db:	CNNVD	id:	CNNVD-201702-244	date:	2017-02-09T00:00:00
db:	NVD	id:	CVE-2017-5167	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	28290389-d149-499c-8f7f-fa89e4e385ff	date:	2017-02-20T00:00:00
db:	CNVD	id:	CNVD-2017-01593	date:	2017-02-20T00:00:00
db:	CNVD	id:	CNVD-2016-08235	date:	2016-09-28T00:00:00
db:	VULHUB	id:	VHN-113370	date:	2017-02-13T00:00:00
db:	BID	id:	93028	date:	2016-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-001595	date:	2017-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201609-547	date:	2016-09-22T00:00:00
db:	CNNVD	id:	CNNVD-201702-244	date:	2016-09-19T00:00:00
db:	NVD	id:	CVE-2017-5167	date:	2017-02-13T21:59:03.003