ID

VAR-201702-0697


CVE

CVE-2017-5145


TITLE

Carlo Gavazzi VMU-C EM and VMU-C PV Firmware cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-001714

DESCRIPTION

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this cross-site request forgery (CSRF) vulnerability can allow execution of unauthorized actions on the device, such as configuration parameter changes and saving modified configuration. Carlo Gavazzi Automation VMU-C EM and VMU-C PV are control modules in the automation products of Italy's Carlo Gavazzi Automation. There is a cross-site request forgery vulnerability in Carlo Gavazzi Automation VMU-C EM and VMU-C PV. A remote attacker can exploit the vulnerability by constructing a malicious URL and tricking a user into loading it, performing malicious actions in the context of the target user. Exploiting these issues may allow a remote attacker to gain access to sensitive information, or perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. An attacker could exploit the vulnerability to perform unauthorized operations.

*VMU-C Web-Server solution for photovoltaic applications*

VMU-C EM is a data logger system for small to medium projects, VMUC-Y EM is a hardware data aggregator for medium to larger projects and Em2 Server is a software solution for large projects. They are designed to complement the extensive line of Carlo Gavazzi energy meters and current transformers.

*1. Weak Credentials Management*
-> admin/admin
-> Application does not enforce mandatory password change

*2. Sensitive Information stored in clear-text*
Accounts menu option - shows username and password - passwords shown in clear-text
SMTP server password - user and service passwords are stored in clear-text

*3. Access Control flaws*
1. Access control is not enforced correctly
2. Certain application functions can be accessed without any authentication
3. Application stores the Energy / Plant data in a sqlite database - EWPlant.db. Anyone can dump plant database file - without any authentication

*4. Reflected + Stored XSS - multiple URLs, parameters - *Not documented in ICS-CERT Advisory
Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary JavaScript in a specially crafted URL request where the response containing user data is returned to the web browser without being made safe to display.

*5. +++++

Trust: 2.88

sources: NVD: CVE-2017-5145 // JVNDB: JVNDB-2017-001714 // CNVD: CNVD-2017-00492 // BID: 95411 // IVD: 699fb07b-5711-4fcb-bc97-0358cd8754c0 // VULHUB: VHN-113348 // VULMON: CVE-2017-5145 // PACKETSTORM: 142045

IOT TAXONOMY

category: ['ICS', 'Network device'] | sub_category: -

Trust: 0.6

category: ['ICS'] | sub_category: -

Trust: 0.2

sources: IVD: 699fb07b-5711-4fcb-bc97-0358cd8754c0 // CNVD: CNVD-2017-00492

AFFECTED PRODUCTS

vendor: carlosgavazzi | model: vmu-c pv | scope: eq | version: -

Trust: 1.6

vendor: carlosgavazzi | model: vmu-c em | scope: eq | version: -

Trust: 1.6

vendor: carlo gavazzi | model: vmu-c em | scope: - | version: -

Trust: 0.8

vendor: carlo gavazzi | model: vmu-c em | scope: lt | version: a11_u05

Trust: 0.8

vendor: carlo gavazzi | model: vmu-c pv | scope: - | version: -

Trust: 0.8

vendor: carlo gavazzi | model: vmu-c pv | scope: lt | version: a17

Trust: 0.8

vendor: carlo | model: gavazzi vmu-c em <a11 u05 | scope: - | version: -

Trust: 0.6

vendor: carlo | model: gavazzi vmu-c pv <a17 | scope: - | version: -

Trust: 0.6

vendor: carlo | model: gavazzi vmu-c pv | scope: eq | version: 0

Trust: 0.3

vendor: carlo | model: gavazzi vmu-c em | scope: eq | version: 0

Trust: 0.3

vendor: carlo | model: gavazzi vmu-c pv a17 | scope: ne | version: -

Trust: 0.3

vendor: carlo | model: gavazzi vmu-c em a11 u05 | scope: ne | version: -

Trust: 0.3

vendor: vmu c em | model: - | scope: eq | version: -

Trust: 0.2

vendor: vmu c pv | model: - | scope: eq | version: -

Trust: 0.2

sources: IVD: 699fb07b-5711-4fcb-bc97-0358cd8754c0 // CNVD: CNVD-2017-00492 // BID: 95411 // JVNDB: JVNDB-2017-001714 // CNNVD: CNNVD-201701-324 // NVD: CVE-2017-5145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5145
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5145
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-00492
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201701-324
value: HIGH

Trust: 0.6

IVD: 699fb07b-5711-4fcb-bc97-0358cd8754c0
value: HIGH

Trust: 0.2

VULHUB: VHN-113348
value: HIGH

Trust: 0.1

VULMON: CVE-2017-5145
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5145
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-00492
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 699fb07b-5711-4fcb-bc97-0358cd8754c0
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113348
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5145
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: IVD: 699fb07b-5711-4fcb-bc97-0358cd8754c0 // CNVD: CNVD-2017-00492 // VULHUB: VHN-113348 // VULMON: CVE-2017-5145 // JVNDB: JVNDB-2017-001714 // CNNVD: CNNVD-201701-324 // NVD: CVE-2017-5145

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-113348 // JVNDB: JVNDB-2017-001714 // NVD: CVE-2017-5145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-324

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201701-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001714

PATCH

title: Top Page | url: http://www.productselection.net/

Trust: 0.8

title: Carlo Gavazzi Automation VMU-C EM and VMU-C PV have patches for cross-site request forgery vulnerabilities | url: https://www.cnvd.org.cn/patchInfo/show/88076

Trust: 0.6

title: Carlo Gavazzi Automation VMU-C EM and VMU-C PV Fixes for cross-site request forgery vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66988

Trust: 0.6

sources: CNVD: CNVD-2017-00492 // JVNDB: JVNDB-2017-001714 // CNNVD: CNNVD-201701-324

EXTERNAL IDS

db: NVD | id: CVE-2017-5145

Trust: 3.8

db: ICS CERT | id: ICSA-17-012-03

Trust: 3.6

db: BID | id: 95411

Trust: 2.1

db: CNNVD | id: CNNVD-201701-324

Trust: 0.9

db: CNVD | id: CNVD-2017-00492

Trust: 0.8

db: JVNDB | id: JVNDB-2017-001714

Trust: 0.8

db: IVD | id: 699FB07B-5711-4FCB-BC97-0358CD8754C0

Trust: 0.2

db: VULHUB | id: VHN-113348

Trust: 0.1

db: VULMON | id: CVE-2017-5145

Trust: 0.1

db: PACKETSTORM | id: 142045

Trust: 0.1

sources: IVD: 699fb07b-5711-4fcb-bc97-0358cd8754c0 // CNVD: CNVD-2017-00492 // VULHUB: VHN-113348 // VULMON: CVE-2017-5145 // BID: 95411 // JVNDB: JVNDB-2017-001714 // PACKETSTORM: 142045 // CNNVD: CNNVD-201701-324 // NVD: CVE-2017-5145

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-012-03

Trust: 3.7

url:http://www.securityfocus.com/bid/95411

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5145

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5145

Trust: 0.8

url:http://www.securityfocus.com/bid/95411/info

Trust: 0.6

url:http://www.carlogavazzi.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5146

Trust: 0.1

sources: CNVD: CNVD-2017-00492 // VULHUB: VHN-113348 // VULMON: CVE-2017-5145 // BID: 95411 // JVNDB: JVNDB-2017-001714 // PACKETSTORM: 142045 // CNNVD: CNNVD-201701-324 // NVD: CVE-2017-5145

CREDITS

Karn Ganeshen

Trust: 0.4

sources: BID: 95411 // PACKETSTORM: 142045

SOURCES

db: IVD | id: 699fb07b-5711-4fcb-bc97-0358cd8754c0
db: CNVD | id: CNVD-2017-00492
db: VULHUB | id: VHN-113348
db: VULMON | id: CVE-2017-5145
db: BID | id: 95411
db: JVNDB | id: JVNDB-2017-001714
db: PACKETSTORM | id: 142045
db: CNNVD | id: CNNVD-201701-324
db: NVD | id: CVE-2017-5145

LAST UPDATE DATE

2025-04-20T23:20:06.319000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2017-00492 | date: 2017-01-17T00:00:00
db: VULHUB | id: VHN-113348 | date: 2017-02-24T00:00:00
db: VULMON | id: CVE-2017-5145 | date: 2017-02-24T00:00:00
db: BID | id: 95411 | date: 2017-01-23T04:05:00
db: JVNDB | id: JVNDB-2017-001714 | date: 2017-03-14T00:00:00
db: CNNVD | id: CNNVD-201701-324 | date: 2017-01-13T00:00:00
db: NVD | id: CVE-2017-5145 | date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD | id: 699fb07b-5711-4fcb-bc97-0358cd8754c0 | date: 2017-01-17T00:00:00
db: CNVD | id: CNVD-2017-00492 | date: 2017-01-17T00:00:00
db: VULHUB | id: VHN-113348 | date: 2017-02-13T00:00:00
db: VULMON | id: CVE-2017-5145 | date: 2017-02-13T00:00:00
db: BID | id: 95411 | date: 2017-01-12T00:00:00
db: JVNDB | id: JVNDB-2017-001714 | date: 2017-03-14T00:00:00
db: PACKETSTORM | id: 142045 | date: 2017-04-06T18:22:22
db: CNNVD | id: CNNVD-201701-324 | date: 2017-01-13T00:00:00
db: NVD | id: CVE-2017-5145 | date: 2017-02-13T21:59:02.550