CVE-2017-5165 in Universal Multifunctional Electric Power Quality Meter
Summary
by MITRE
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.
Analysis
by VulDB Data Team • 08/14/2020
The vulnerability identified as CVE-2017-5165 affects the BINOM3 Universal Multifunctional Electric Power Quality Meter, a device deployed in industrial and commercial power monitoring environments. The flaw is the absence of Cross-Site Request Forgery (CSRF) protection in the device's web-based management interface: no CSRF token is generated per page or per sensitive function, so the interface has no way to confirm that a state-changing request was deliberately issued by the logged-in operator rather than triggered by some other site open in the same browser.
The flaw resides in the web application layer of the meter, which neither issues nor validates a CSRF token on administrative actions. It maps to CWE-352 (Cross-Site Request Forgery), the weakness class in which a web application does not verify that a request was intentionally submitted by the user whose session it carries. A browser attaches the meter's session cookie to any request addressed to the meter, regardless of which page caused the request, so without a token the device cannot tell a form the operator submitted from one that a page on another origin submitted in the background. An attacker who can get an authenticated operator to load a crafted page can therefore trigger configuration parameter changes and save the modified configuration, which is the impact the MITRE description states; the advisory does not claim anything beyond that, and "complete system compromise" would require additional weaknesses not described here.
The operational impact goes beyond a single changed setting, because the attacker can execute any administrative action the web interface exposes, without the operator's consent or awareness. When an authenticated operator visits a malicious website or views attacker-controlled content (an advertisement, a forum post, an HTML e-mail rendered in a browser), the forged request is transmitted to the meter automatically, and the resulting configuration changes could disrupt or falsify power monitoring, alter network or alarm settings, or loosen access controls. The request rides the operator's own session, so nothing is displayed to the user and the device attributes the change to the operator's login, which leaves legitimate users with no indication that unauthorized changes have occurred. That silence is what makes the weakness particularly dangerous where continuous, trustworthy power monitoring is critical.
In MITRE ATT&CK terms the delivery vector is T1566 (Phishing): the attacker needs the operator to open a page under attacker control while a session with the meter is still valid. T1078 (Valid Accounts) is a poor fit, since the attacker never obtains credentials and instead rides the victim's authenticated browser session, which is exactly the condition CSRF tokens exist to break. The missing protection is also at odds with the access-control and input-validation expectations of NIST SP 800-53 and ISO/IEC 27001 for administrative functions. Organizations relying on such power quality meters face operational risk from service disruption and data-integrity loss, and a changed configuration could serve as a starting point for further attacks if it can alter, for example, the device's network settings. The vulnerability underscores the need for CSRF protection on every web-based administrative interface, particularly in industrial control systems where operational technology security is paramount.
The mitigation is a CSRF token bound to the user's session and required on every state-changing request, validated server-side before the action executes; the token should not be derivable from anything a third-party page can read. Device manufacturers should also validate the Origin (or Referer) header against the device's own address, expire tokens with the session, and mark the session cookie SameSite so that browsers stop attaching it to cross-site requests in the first place. Until firmware with these changes is available, operators can reduce exposure by reaching the management interface only from a dedicated management network or host, logging out of the meter as soon as configuration work is done, and not browsing other sites from a session that is logged into the device.
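The following Python block is an added illustration of the request flow the analysis describes and of the token-plus-Origin check recommended above; it is not code from the device or from VulDB. The device address, the `/config/save` endpoint, the `ntp_server` parameter and the session store are assumptions, since the advisory names none of them; the attacker page is a constructed sample. The hardened handler binds the token to the session with an HMAC (one common pattern, not the only correct one).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical device origin and endpoint: the advisory does not name the
# meter's real configuration URL, so these are placeholders.
DEVICE_ORIGIN = "http://192.0.2.10"
SAVE_CONFIG_PATH = "/config/save"

# Per-device secret used to bind CSRF tokens to a session (assumed; real
# firmware would generate and persist this per unit, never hard-code it).
SERVER_SECRET = secrets.token_bytes(32)

# Session store: cookie value -> logged-in user. One operator is logged in.
SESSIONS = {"s3ss10n-0perator": "admin"}


@dataclass
class Request:
    """Minimal model of what the meter's web server sees for one POST."""
    path: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


# Constructed sample of the page an attacker would host. The browser submits
# the form on load, attaches the victim's meter cookie automatically, and the
# operator sees nothing.
ATTACKER_PAGE = f"""<html><body onload="document.forms[0].submit()">
<form method="POST" action="{DEVICE_ORIGIN}{SAVE_CONFIG_PATH}">
  <input type="hidden" name="ntp_server" value="198.51.100.7">
  <input type="hidden" name="save" value="1">
</form></body></html>"""


def vulnerable_save_config(req: Request, config: dict) -> int:
    """Behaviour the advisory describes: the session cookie is the only check."""
    if req.cookies.get("sid") not in SESSIONS:
        return 401
    config.update({k: v for k, v in req.form.items() if k != "save"})
    return 200


def make_csrf_token(session_id: str) -> str:
    """Token bound to the session via HMAC; nothing extra to store server-side."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def hardened_save_config(req: Request, config: dict) -> int:
    """Same action with a per-session CSRF token plus Origin validation."""
    sid = req.cookies.get("sid")
    if sid not in SESSIONS:
        return 401
    # A forged cross-site POST carries the attacker's origin, or none at all.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(DEVICE_ORIGIN):
        return 403
    # The token must be present and match the one bound to this session.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, make_csrf_token(sid)):
        return 403
    config.update({k: v for k, v in req.form.items()
                   if k not in ("save", "csrf_token")})
    return 200


def forged_request() -> Request:
    """What the victim's browser sends after loading ATTACKER_PAGE."""
    return Request(
        path=SAVE_CONFIG_PATH,
        cookies={"sid": "s3ss10n-0perator"},          # attached by the browser
        form={"ntp_server": "198.51.100.7", "save": "1"},
        headers={"Origin": "http://attacker.example"},
    )


def legitimate_request() -> Request:
    """What the meter's own configuration page sends for the same change."""
    sid = "s3ss10n-0perator"
    return Request(
        path=SAVE_CONFIG_PATH,
        cookies={"sid": sid},
        form={"ntp_server": "10.0.0.1", "save": "1",
              "csrf_token": make_csrf_token(sid)},
        headers={"Origin": DEVICE_ORIGIN},
    )


def demo():
    """Run the forged request through both handlers and a real one through the fix."""
    vuln_cfg = {"ntp_server": "10.0.0.1"}
    hard_cfg = {"ntp_server": "10.0.0.1"}
    vuln_status = vulnerable_save_config(forged_request(), vuln_cfg)
    hard_status = hardened_save_config(forged_request(), hard_cfg)
    ok_status = hardened_save_config(legitimate_request(), hard_cfg)
    return (vuln_status, vuln_cfg["ntp_server"],
            hard_status, hard_cfg["ntp_server"], ok_status)


if __name__ == "__main__":
    print(demo())
```

The vulnerable handler accepts the forged request and silently rewrites the NTP server; the hardened one rejects it on the Origin check before the token is even compared, while the operator's own submission still succeeds. Note that the Origin check is a second layer, not a substitute for the token: some clients and proxies strip Origin and Referer, so a deployment that relied on the header alone would either lock out those clients or have to fall back to accepting header-less requests.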