Lucene search

[email protected]CVE-2017-5165

HistoryFeb 13, 2017 - 9:59 p.m.

CVE-2017-5165

2017-02-1321:59:02

CWE-352

[email protected]

web.nvd.nist.gov

security

vulnerability

csrf

token

exploitation

unauthorized actions

configuration parameter changes

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.

Affected configurations

NVD

Node

binom3universal_multifunctional_electric_power_quality_meter_firmwareMatch-

AND

binom3universal_multifunctional_electric_power_quality_meterMatch-

CPENameOperatorVersion
binom3:universal_multifunctional_electric_power_quality_meter_firmwarebinom3 universal multifunctional electric power quality meter firmwareeq-

CPE	Name	Operator	Version
binom3:universal_multifunctional_electric_power_quality_meter_firmware	binom3 universal multifunctional electric power quality meter firmware	eq	-

CNA Affected

[
  {
    "product": "BINOM3 Electric Power Quality Meter",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "BINOM3 Electric Power Quality Meter"
      }
    ]
  }
]

References

www.securityfocus.com/bid/93028

ics-cert.us-cert.gov/advisories/ICSA-17-031-01A

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for CVE-2017-5165

nvd1 prion1 cvelist1 ics2