CVE-2017-5166

9.8 CRITICAL

📋 TL;DR

CVE-2017-5166 is an information exposure vulnerability in BINOM3 Universal Multifunctional Electric Power Quality Meters: information the device discloses can be used by a network-adjacent attacker, without prior authentication, to gain privileged access to the meter. The meters are deployed in industrial control systems, so compromise can undermine power quality monitoring for critical infrastructure and give an attacker a foothold on the ICS network.

💻 Affected Systems

Products:
  • BINOM3 Universal Multifunctional Electric Power Quality Meter
Versions: No fixed firmware version is identified in the public advisory; treat every deployed firmware release as affected until the vendor confirms a fixed build
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable in the default configuration; the specific affected firmware versions are not enumerated in the public advisory, so inventory deployed meters by firmware build rather than assuming any release is safe.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the power quality meter allowing manipulation of power monitoring data, disruption of industrial processes, and potential lateral movement to other industrial control systems.

🟠

Likely Case

Unauthorized access to sensitive power quality data and device configuration, potentially enabling further attacks on the industrial network.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to the vulnerable devices.

🌐 Internet-Facing: HIGH - A meter reachable from the internet (directly or through a flat OT/IT network) can be compromised without credentials; these devices should never be internet-exposed.
🏢 Internal Only: HIGH - Any host that can reach the meter's management interface on the internal network can abuse the exposure to obtain privileged access, so lateral movement into the ICS segment is enough to exploit it.

🎯 Exploit Status

Public PoC: ❌ No public proof-of-concept is known
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Because the flaw is an information exposure that directly yields privileged access, exploitation requires no credentials and no user interaction: an attacker who can reach the management interface only needs to retrieve the exposed information and reuse it. The CVSS 9.8 rating reflects that network reachability alone is sufficient.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not identified in the public advisory; obtain the fixed firmware build number directly from the vendor and record it for later verification

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A

Restart Required: Yes

Instructions:

1. Contact BINOM3 or the device supplier for a firmware update and confirm which build addresses CVE-2017-5166.
2. Back up the device configuration before making any change.
3. Schedule a maintenance window; power quality meters are part of the monitoring chain and a failed update takes the measurement point offline.
4. Apply the firmware update following the vendor's instructions.
5. Restart the device.
6. Verify that the meter reports the expected firmware build and that measurements and communications with the supervisory system resume normally.

🔧 Temporary Workarounds

Network Segmentation (applies to all deployments)

Isolate BINOM3 meters on a dedicated VLAN and place a firewall between that VLAN and every other network, with a default-deny policy in both directions so that the management interface is not reachable from corporate or internet-facing segments.

Access Control Lists (applies to all deployments)

Permit traffic to the meters' management ports (web and telnet) only from a short allowlist of management hosts, and permit the meters to talk only to the supervisory systems that legitimately poll them. Log denied connections: a denied attempt from an unexpected source is an early indicator of scanning for these devices.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices from untrusted networks
  • Deploy intrusion detection systems to monitor for unauthorized access attempts to the meters

🔍 How to Verify

Check if Vulnerable:

Record the firmware build of every deployed meter and compare it against the fixed build the vendor identifies; until the vendor confirms a fixed build, treat every meter as vulnerable. In parallel, review firewall and switch ACLs to confirm that the management interface is reachable only from authorized management hosts.

Check Version:

Read the firmware build from the device's web interface or serial console using the vendor-specific commands documented in the device manual. Prefer the serial console or a management host inside the meter VLAN so that the check itself does not require opening new network paths to the device.

Verify Fix Applied:

Confirm the firmware build matches the fixed build identified by the vendor, then confirm the exposure is closed by attempting, without credentials and from a non-management host, to reach the management interface and retrieve the information the advisory describes. Run this test only on devices you own, during a maintenance window, and with the supervisory system aware that the meter may be disturbed: embedded ICS devices can hang or reboot under unexpected traffic, so a scan that is harmless on IT hosts can take a measurement point offline.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to device management interfaces
  • Unexpected configuration changes
  • Multiple failed authentication attempts

Network Indicators:

  • Unusual traffic patterns to/from power quality meters
  • Traffic from unexpected source IPs to meter management ports

SIEM Query:

dest_ip IN [meter_ips] AND dest_port IN (23, 80, 443) AND NOT source_ip IN [authorized_management_ips]

This is pseudo-syntax to be adapted to your SIEM's query language. Match on the destination (the meter) and the destination port; the original form of this query filtered on the meter as source, which can never be outside the authorized list at the same time. Include both accepted and denied connections: an accepted connection from an unauthorized host is a likely compromise, while a denied one indicates someone is looking for the devices.
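The detection logic above, applied to firewall logs, as an added example that is not part of the original page or of any vendor tooling. It parses constructed key=value firewall lines (an invented format, not a real vendor's), flags any connection to a meter management port from a host outside the management allowlist, and separates accepted connections (probable compromise) from denied ones (probable reconnaissance). The meter subnet, allowlist addresses and sample log lines are hypothetical.

```python
"""Flag connections to BINOM3 meter management ports from hosts that are not
on the authorized-management allowlist.

Everything below is a constructed example: the addresses, the log format and
the log lines are invented for illustration, not taken from the advisory or
from a real deployment.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical inventory: where the meters live and who may manage them.
METER_NET = ipaddress.ip_network("10.20.30.0/24")
AUTHORIZED_MGMT = {
    ipaddress.ip_address("10.0.1.10"),
    ipaddress.ip_address("10.0.1.11"),
}
# Management ports named on the page: telnet, HTTP and HTTPS.
MGMT_PORTS = {23, 80, 443}

# Constructed firewall log lines (invented key=value format).
SAMPLE_LOG = """\
2017-02-01T09:58:12Z src=10.0.1.10 dst=10.20.30.5 dport=443 proto=TCP action=ACCEPT
2017-02-01T09:59:40Z src=10.0.1.11 dst=10.20.30.7 dport=80 proto=TCP action=ACCEPT
2017-02-01T10:01:03Z src=10.0.1.10 dst=10.20.30.5 dport=502 proto=TCP action=ACCEPT
2017-02-01T10:02:17Z src=192.168.77.4 dst=10.20.30.5 dport=80 proto=TCP action=ACCEPT
2017-02-01T10:02:18Z src=192.168.77.4 dst=10.20.30.5 dport=23 proto=TCP action=ACCEPT
2017-02-01T10:03:55Z src=10.0.1.12 dst=10.20.30.6 dport=443 proto=TCP action=DENY
2017-02-01T10:04:10Z src=10.20.30.5 dst=10.0.1.10 dport=80 proto=TCP action=ACCEPT
this line is malformed and must not crash the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    action: str

    @property
    def severity(self):
        # An accepted connection means the ACLs let an unauthorized host in;
        # a denied one means someone is probing for the meters.
        return "high" if self.action == "ACCEPT" else "medium"


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def find_unauthorized_mgmt_access(log_text):
    """Alerts for traffic to a meter management port from a non-allowlisted host."""
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
        except ValueError:
            continue
        # Only traffic *to* a meter on a management port is interesting here;
        # meter-initiated polling replies and Modbus/TCP (502) are out of scope.
        if dst not in METER_NET or rec["dport"] not in MGMT_PORTS:
            continue
        if src in AUTHORIZED_MGMT:
            continue
        alerts.append(Alert(rec["ts"], str(src), str(dst), rec["dport"], rec["action"]))
    return alerts


def summarize_by_source(alerts):
    """Count alerts per offending source address, for triage."""
    return dict(Counter(a.src for a in alerts))


if __name__ == "__main__":
    found = find_unauthorized_mgmt_access(SAMPLE_LOG)
    for a in found:
        print(f"{a.severity.upper():6} {a.ts} {a.src} -> {a.dst}:{a.dport} ({a.action})")
    print(summarize_by_source(found))
```

On the constructed log this reports three alerts: two high-severity accepted connections from 192.168.77.4 to the same meter on ports 80 and 23, and one medium-severity denied attempt from 10.0.1.12, a host adjacent to the management allowlist but not on it. The authorized management hosts, the Modbus/TCP poll on port 502 and the meter's own outbound traffic produce no alerts, which is the behaviour you want before wiring this into a SIEM rule: noise from legitimate polling would otherwise bury the real hits.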
