CVE-2017-5162

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/93028	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-02-13 21:59

Updated : 2023-12-10 12:01

NVD link : CVE-2017-5162

Mitre link : CVE-2017-5162

CVE.ORG link : CVE-2017-5162

JSON object : View

Products Affected

binom3

universal_multifunctional_electric_power_quality_meter
universal_multifunctional_electric_power_quality_meter_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2017-5162", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-02-13T21:59:02.860", "references": [{"url": "http://www.securityfocus.com/bid/93028", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration."}, {"lang": "es", "value": "Ha sido descubierto un problema en BINOM3 Universal Multifunctional Electric Power Quality Meter. La falta de autenticaci\u00f3n para el servicio remoto da acceso a la configuraci\u00f3n de la aplicaci\u00f3n."}], "lastModified": "2017-02-16T16:09:56.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD3D22CB-94D8-4066-8D92-6B3EE21A1C19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43E83CFB-E822-4C19-A8FE-9A4F88A9E545"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}