PatchSiren cyber security CVE debrief
CVE-2017-5162 Binom3 CVE debrief
CVE-2017-5162 describes a critical missing-authentication issue in BINOM3 Universal Multifunctional Electric Power Quality Meter firmware. According to NVD, a remote service can be reached without authentication and may expose application setup and configuration functions. Because the issue is network-reachable and requires no privileges or user interaction, it is rated CVSS 9.8 and should be treated as an urgent hardening and exposure-reduction issue for affected deployments.
- Vendor: Binom3
- Product: CVE-2017-5162
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
OT/ICS operators, electrical utility teams, integrators, and asset owners using BINOM3 Universal Multifunctional Electric Power Quality Meter firmware should care, especially where the device is reachable from untrusted networks or shared operational segments.
Technical summary
NVD identifies the vulnerability as CWE-306 (Missing Authentication for Critical Function) and lists the vulnerable CPE as BINOM3 Universal Multifunctional Electric Power Quality Meter firmware. The CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a remotely exploitable issue with no privileges or interaction required and high potential impact to confidentiality, integrity, and availability. The published description states that lack of authentication for a remote service gives access to application setup and configuration.
Defensive priority
Immediate priority: isolate affected devices, restrict network reachability, and verify whether BINOM3 firmware in use is exposed to remote access paths.
Recommended defensive actions
- Identify all BINOM3 Universal Multifunctional Electric Power Quality Meter deployments and determine whether affected firmware is present.
- Restrict or block network access to the meter’s remote service from untrusted or non-essential segments.
- Place affected devices behind tightly controlled OT network boundaries and allow only required management paths.
- Review whether the remote service can be disabled or otherwise limited through vendor-supported configuration.
- Monitor for unauthorized changes to application setup or configuration on exposed devices.
- Consult the NVD record and referenced ICS-CERT/advisory links for any vendor or responder guidance associated with this issue.
Evidence notes
This debrief is based on the NVD CVE record and the supplied CVE description. NVD marks the issue as Modified on 2026-05-13 and assigns CVSS v3.0 9.8 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is listed as CWE-306. The NVD record also associates the vulnerability with BINOM3 Universal Multifunctional Electric Power Quality Meter firmware via the vulnerable CPE entry.
Official resources
- CVE-2017-5162 CVE record: CVE.org
- CVE-2017-5162 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory, US Government Resource
- Mitigation or vendor reference: [email protected] - Third Party Advisory, US Government Resource
Publicly disclosed in the CVE record on 2017-02-13. The NVD record associated with this issue was last modified on 2026-05-13.