PatchSiren

CVE-2017-5167 Binom3 CVE debrief

CVE-2017-5167 describes a password-management weakness in BINOM3 Universal Multifunctional Electric Power Quality Meter firmware: users do not have an option to change their own passwords. The NVD record scores this as HIGH severity with a network attack vector and maps it to CWE-798 (Use of Hard-coded Credentials). For operators, the main concern is that account control may depend on fixed or centrally managed credentials, which can weaken confidentiality and limit incident response if accounts are exposed. No known ransomware or KEV listing is included in the supplied corpus.

Vendor: Binom3
Product: CVE-2017-5167
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Operators, integrators, and security teams responsible for BINOM3 Universal Multifunctional Electric Power Quality Meter deployments, especially where devices are network-connected, remotely administered, or part of critical industrial/utility environments.

Technical summary

The NVD entry ties this issue to BINOM3 meter firmware and rates it CVSS v3.0 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). The reported condition is that users cannot change their own passwords. NVD also classifies the weakness as CWE-798 and associates the vulnerable CPE with the firmware component rather than the hardware CPE. The practical risk is weakened credential control and reduced ability for users to manage account security.

Defensive priority

High for exposed or operationally important deployments; moderate where the device is isolated and tightly controlled.

Recommended defensive actions

  • Confirm whether your deployed BINOM3 meter firmware matches the vulnerable CPE identified by NVD.
  • Review the US-CERT/ICS-CERT advisory referenced by NVD for any vendor guidance or mitigations.
  • If a vendor update or replacement firmware exists, plan validation and deployment through normal change control.
  • Restrict network access to the device with segmentation, allowlisting, and administrative access controls.
  • Audit who can administer accounts and rotate credentials where centralized or privileged controls exist.
  • Monitor for unauthorized access attempts and review authentication logs where available.
  • If no patch is available, apply compensating controls and document residual risk.

Evidence notes

Primary evidence comes from the NVD CVE record and the referenced ICS-CERT advisory. The supplied NVD metadata states: product is BINOM3 Universal Multifunctional Electric Power Quality Meter firmware, users cannot change their own passwords, CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, and weakness is CWE-798. The NVD CPE mapping marks the firmware as vulnerable and the hardware CPE as not vulnerable. The record references US-CERT advisory ICSA-17-031-01A and SecurityFocus BID 93028.

Official resources

CVE published 2017-02-13 and last modified 2026-05-13 in the supplied NVD metadata. This debrief uses the published CVE/NVD record and referenced advisory metadata only.