26 matches found
EUVD-2017-14275
Malware in sbrugna...
EUVD-2017-14273
Malware in sbrugna...
The vulnerability of the microprogrammed software of the BINOM3 Universal Multifunctional Electric Power Quality Meter lies in the lack of authentication, which allows attackers to gain access to the device’s settings.
The vulnerability of the microprogrammed software of the BINOM3 Universal Multifunctional Electric Power Quality Meter is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the device and perform arbitrary settin...
CVE-2017-5167
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords...
CVE-2017-5165
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per sensitive function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration...
CVE-2017-5166
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device...
CVE-2017-5162
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration...
Cross site request forgery (csrf)
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per sensitive function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration...
Design/Logic Flaw
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords...
CVE-2017-5162
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration...
CVE-2017-5164
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session CROSS-SITE SCRIPTING...
CVE-2017-5165
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per sensitive function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration...
CVE-2017-5164
CVE-2017-5164 affects BINOM3 Electric Power Quality Meter (Universal multifunctional model). The vulnerability is Cross-Site Scripting caused by input from a malicious client not being properly verified by the server, allowing script execution in another user’s browser session. The CVE is describ...
CVE-2017-5167
The CVE-2017-5167 issue affects BINOM3 Universal Multifunctional Electric Power Quality Meter due to a hard-coded password/Vulnerability: Users cannot change their passwords. Public advisories (ICS-CERT update and CVE entries) describe the impact as unauthorized access to the device, potential se...
CVE-2017-5166
CVE-2017-5166 affects the BINOM3 Universal multifunctional Electric Power Quality Meter. The vulnerability is an information exposure (CWE-200) flaw that can be used to gain privileged access to the device. From the connected records, the issue is described with high impact: confidential, integri...
CVE-2017-5166
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device...
CVE-2017-5162
The CVE-2017-5162 entry affects BINOM3 Universal Multifunctional Electric Power Quality Meter. Root cause is improper access control: lack of authentication for a remote service allows access to device setup and configuration. Documented impact includes unauthorized access to configuration data a...
BINOM3 Electric Power Quality Meter Hard-Coded Vulnerability
BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. A hard-coded vulnerability exists in BINOM3 Electric Power Quality Meter, where users do not have permission to change their passwords...
BINOM3 Electric Power Quality Meter Cross-Site Scripting Vulnerability
BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. A cross-site scripting vulnerability exists in BINOM3 Electric Power Quality Meter that could allow an attacker to execute arbitrary script code cross-site scripting withi...
BINOM3 Electric Power Quality Meter (Update A)
CVSS v3 10 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BINOM3 Equipment: Electric Power Quality Meter Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery CSRF, sensitive information stored in clear-text, and weak credentials management...