These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-5146 is a high-severity information-disclosure issue in Carlo Gavazzi VMU-C EM and VMU-C PV firmware. Versions prior to VMU-C EM A11_U05 and VMU-C PV A17 store sensitive information in clear text, which can expose confidential data if the device or its stored data is accessed.
CVE-2017-5145 is a critical cross-site request forgery (CSRF) vulnerability affecting Carlo Gavazzi VMU-C EM firmware prior to Version A11_U05 and VMU-C PV firmware prior to Version A17. A successful attack can cause unauthorized actions on the device, including configuration parameter changes and saving modified configuration. Because the issue is network-reachable and requires no privileges, it is a hig [truncated]
CVE-2017-5144 is a critical access-control flaw in Carlo Gavazzi VMU-C EM and VMU-C PV firmware. Affected versions before EM firmware A11_U05 and PV firmware A17 allow access to most application functions without authentication, so any exposed device should be treated as high risk.