PatchSiren cyber security CVE debrief

CVE-2017-5166 Binom3 CVE debrief

CVE-2017-5166 is a critical information exposure vulnerability in BINOM3 Universal Multifunctional Electric Power Quality Meter firmware. The publicly available record says exposed information can be used to gain privileged access to the device. NVD rates the issue CVSS 3.0 9.8 and maps it to CWE-200.

Vendor: Binom3
Product: CVE-2017-5166
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

OT/ICS asset owners, site operators, network administrators, and security teams responsible for BINOM3 electric power quality meters or any industrial device deployed on reachable network segments.

Technical summary

The NVD record identifies the vulnerable component as BINOM3 Universal Multifunctional Electric Power Quality Meter firmware and classifies the weakness as CWE-200 (information exposure). The CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-reachable exploitation with no privileges or user interaction required and severe potential impact. The record also references an ICS-CERT advisory and a SecurityFocus BID entry.

Defensive priority

Critical. Treat as urgent if the device or its management interface is reachable from any network beyond a tightly controlled OT segment.

Recommended defensive actions

  • Inventory BINOM3 meter deployments and verify which devices run the affected firmware.
  • Restrict network access to the meter and its management interfaces to required OT hosts only.
  • Remove any unnecessary remote exposure, including direct Internet access and broad VLAN reachability.
  • Review the referenced ICS-CERT advisory and vendor guidance for any remediation or mitigation steps.
  • Monitor for unauthorized configuration access, privilege changes, and unexpected device behavior.
  • If isolation is feasible, place affected devices on a segmented network with strict allow-listing and logging.

Evidence notes

This debrief is based on the supplied NVD record and its cited references. The record states an information exposure flaw, identifies BINOM3 firmware as vulnerable, assigns CWE-200, and gives CVSS 3.0 9.8. The supplied corpus does not provide affected firmware versions or a vendor patch status.

Official resources

Publicly disclosed in the CVE record on 2017-02-13 and later modified in NVD on 2026-05-13. No KEV listing is present in the supplied data.