CVE-2017-5162

9.8 CRITICAL

📋 TL;DR

CVE-2017-5162 is a critical authentication bypass vulnerability in BINOM3 Universal Multifunctional Electric Power Quality Meters that allows unauthenticated attackers to access and modify device configuration settings. This affects industrial control systems using these power meters without proper network segmentation. Attackers can remotely reconfigure critical power monitoring equipment without credentials.

💻 Affected Systems

Products:
  • BINOM3 Universal Multifunctional Electric Power Quality Meter
Versions: All versions prior to firmware updates addressing CVE-2017-5162
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with remote management interfaces enabled. Industrial control systems in power distribution, manufacturing, and critical infrastructure sectors.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of power monitoring infrastructure allowing attackers to manipulate power readings, disrupt electrical systems, or cause physical damage through misconfiguration of sensitive industrial equipment.

🟠 Likely Case

Unauthorized access to device configuration leading to altered power quality measurements, false alarms, or disruption of monitoring capabilities in industrial environments.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to the vulnerable service.

🌐 Internet-Facing: HIGH - Devices exposed to the internet are trivially exploitable without authentication.
🏢 Internal Only: HIGH - Even internally, lack of authentication allows any network user to access and modify configurations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the device's management interface. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates from vendor

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A

Restart Required: Yes

Instructions:

1. Contact BINOM3 vendor for firmware updates.
2. Apply firmware patch following vendor instructions.
3. Restart device to activate new firmware.
4. Verify authentication is now required for remote access.

🔧 Temporary Workarounds

  • Network Segmentation: Isolate BINOM3 meters on a separate VLAN with strict firewall rules
  • Access Control Lists: Implement IP-based restrictions to limit access to the management interface

🧯 If You Can't Patch

  • Physically disconnect from networks or use air-gapped configuration
  • Implement strict network monitoring and alerting for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to access the device configuration interface without authentication, using a network scan of the default ports

Check Version:

Check device firmware version through vendor-specific interface or serial console

Verify Fix Applied:

Verify that an authentication prompt appears when accessing the management interface and that unauthorized access is blocked

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to management interface
  • Configuration changes without authentication logs

Network Indicators:

  • Unusual traffic to device management ports from unauthorized sources
  • Configuration protocol traffic without preceding authentication

SIEM Query:

source_ip=* AND dest_port=(management_port) AND NOT auth_success=true
