CVE-2017-5144

9.8 CRITICAL

📋 TL;DR

This critical authentication bypass in Carlo Gavazzi VMU-C energy monitoring devices lets a remote, unauthenticated attacker reach most application functions of the device web interface without credentials. Affected systems are VMU-C EM devices running firmware earlier than Version A11_U05 and VMU-C PV devices running firmware earlier than Version A17. Because these devices are deployed in building automation and industrial control networks for energy monitoring, the exposure extends to the ICS environment they report into.

💻 Affected Systems

Products:
  • Carlo Gavazzi VMU-C EM
  • Carlo Gavazzi VMU-C PV
Versions: VMU-C EM: prior to firmware Version A11_U05, VMU-C PV: prior to firmware Version A17
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: These are industrial energy monitoring devices used in building automation and industrial control systems.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of energy monitoring systems allowing unauthorized control, data manipulation, or disruption of industrial operations.

🟠

Likely Case

Unauthorized access to sensitive energy consumption data, configuration changes, or potential device manipulation.

🟢

If Mitigated

Limited impact if devices are isolated in protected networks with strict access controls.

🌐 Internet-Facing: HIGH - Direct internet exposure would allow immediate exploitation by any attacker.
🏢 Internal Only: HIGH - Even internally, any network access could lead to exploitation without authentication.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity once discovered: the attacker needs only network reachability to the device web interface and an ordinary HTTP client, with no credentials and no user interaction. The 9.8 base score reflects exactly that (network attack vector, low complexity, no privileges, no user interaction, high impact on confidentiality, integrity and availability).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: VMU-C EM: firmware Version A11_U05 or later, VMU-C PV: firmware Version A17 or later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Carlo Gavazzi support portal.
2. Back up the current device configuration.
3. Apply the firmware update following the vendor instructions (the device restarts).
4. Verify the update succeeded (the reported version is A11_U05 or later for VMU-C EM, A17 or later for VMU-C PV) and restore the configuration if needed.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all affected versions

Isolate affected devices in separate VLANs with strict firewall rules limiting access to authorized management systems only.

Access Control Lists

Applies to: all affected versions

Implement network ACLs to restrict access to device management interfaces to specific IP addresses only.

🧯 If You Can't Patch

  • Segment network to isolate vulnerable devices from untrusted networks
  • Implement strict firewall rules allowing only necessary traffic to device management interfaces

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or the serial console. A VMU-C EM is vulnerable if its firmware is earlier than A11_U05; a VMU-C PV is vulnerable if its firmware is earlier than A17.

Check Version:

Access device web interface and navigate to System Information or use serial console to check firmware version.

Verify Fix Applied:

After the firmware update, confirm that the reported version is A11_U05 or later (EM) or A17 or later (PV). Then, from a host that is not logged in to the device, request the application pages and actions directly: each should answer with a login page, a redirect to it, or an HTTP 401/403 rather than the application content. Only the login page itself and any static resources it needs should be reachable without a session.
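The following script is an added example of that post-patch check; it is not code from Carlo Gavazzi or from the advisory. It requests each application path with no cookie and no Authorization header, never follows redirects, and classifies the response. The paths in PATHS, the login path and the session cookie name are assumptions: replace them with what you observe in your own device's web UI. To keep the example self-contained it also includes a constructed local stand-in for the device, with an "unpatched" mode that serves every page to anyone and a "patched" mode that redirects anonymous requests to the login page; this is a mock of the behaviour the advisory describes, not an emulation of real VMU-C firmware.

```python
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed application paths to check; substitute the real ones from the device UI.
PATHS = ["/status", "/config", "/export"]
LOGIN_PATH = "/login"       # assumed
SESSION_COOKIE = "session"  # assumed name of the device's login cookie


def classify(status, location, body):
    """Verdict for one response to an unauthenticated request."""
    if status in (401, 403):
        return "protected"
    if status in (301, 302, 303, 307, 308):
        # a redirect to the login page is the expected post-fix behaviour
        return "protected" if location and LOGIN_PATH in location else "redirect:%s" % location
    if status == 200:
        # a 200 that is really the login form (has a password field) is still protected
        if re.search(r'type=["\']?password', body, re.I):
            return "protected"
        return "open"
    return "http %d" % status


def probe(host, port, paths=PATHS, timeout=5):
    """GET each path with no cookie and no Authorization header; returns {path: verdict}."""
    verdicts = {}
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path, headers={"User-Agent": "vmuc-auth-check"})
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        verdicts[path] = classify(resp.status, resp.getheader("Location"), body)
        conn.close()
    return verdicts


def all_protected(verdicts):
    """True only if every probed path refused anonymous access."""
    return all(v == "protected" for v in verdicts.values())


class FakeDevice(BaseHTTPRequestHandler):
    """Constructed stand-in for the device web app (not real VMU-C behaviour).
    enforce_auth=False mimics the pre-fix behaviour the advisory describes."""
    enforce_auth = False

    def log_message(self, *args):  # keep the example quiet
        pass

    def do_GET(self):
        cookie = self.headers.get("Cookie", "")
        if self.path == LOGIN_PATH:
            self._send(200, '<form><input type="password" name="pw"></form>')
        elif self.enforce_auth and SESSION_COOKIE + "=" not in cookie:
            self.send_response(302)
            self.send_header("Location", LOGIN_PATH)
            self.end_headers()
        else:
            self._send(200, "<html>application page %s</html>" % self.path)

    def _send(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def start_fake_device(enforce_auth):
    """Start the mock device on an ephemeral local port; returns (port, server)."""
    handler = type("Dev", (FakeDevice,), {"enforce_auth": enforce_auth})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1], srv


if __name__ == "__main__":
    for label, enforce in (("unpatched", False), ("patched", True)):
        port, srv = start_fake_device(enforce)
        verdicts = probe("127.0.0.1", port)
        print(label, verdicts, "PASS" if all_protected(verdicts) else "FAIL")
        srv.shutdown()
```

Against a real device, call probe() with the device address and a path list taken from the UI; any path reported as "open" after the update means authentication is still not enforced for that function and the update should be treated as incomplete. Run the check from a host outside the management allowlist so that network ACLs do not mask the result.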

📡 Detection & Monitoring

Log Indicators:

  • Application pages or actions served (HTTP 200) to a client that never completed a login
  • Configuration changes recorded without a preceding successful login from the same client

Network Indicators:

  • HTTP requests to the device management interface that carry neither a session cookie nor an Authorization header yet receive application content rather than the login page
  • Unusual traffic patterns to device ports, for example new source addresses or request rates to the web interface outside normal maintenance windows

SIEM Query:

source_ip="device_ip" AND (http_status=200 OR http_method=POST) AND NOT (http_cookie CONTAINS "session" OR http_authorization EXISTS)
