CVE-2017-5162

CRITICAL

BINOM3 - Auth Bypass

Title source: llm

Description

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/binom3_login_config_pass_dump.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory, US Government Resource] http://www.securityfocus.com/bid/93028

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A

Scores

CVSS v3 9.8

EPSS 0.6006

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (2)

binom3/universal_multifunctional_electric_power_quality_meter_firmware

n/a/BINOM3 Electric Power Quality Meter BINOM3 Electric Power Quality Meter

Published Feb 13, 2017

Tracked Since Feb 18, 2026