CVE-2017-5146
published 2017-02-13CVE-2017-5146: An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is…
PriorityP357high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
9.32%
94.8th percentile
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
Detection & IOCsextracted from sources · hover to see the quote
- →Unauthenticated HTTP access to the EWplant.db database file on Carlo Gavazzi VMU-C devices is a strong indicator of exploitation of the access control flaw (CVE-2017-5144) which also enables the CVE-2017-5146 cleartext information exposure. ↗
- →Monitor for unauthenticated retrieval of SMTP configuration from Carlo Gavazzi VMU-C devices; older firmware versions expose SMTP config (including cleartext passwords) without any authentication. ↗
- →Scan/brute-force activity against Carlo Gavazzi Energy Meter login portals may precede credential harvesting and cleartext SMTP password extraction. ↗
- ·CVE-2017-5146 (cleartext sensitive information) affects only VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17; patched versions are not vulnerable. ↗
- ·A valid, admin-privileged user is normally required to extract the SMTP password, but some older firmware versions expose it without any authentication, widening the attack surface for cleartext credential exposure. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Carlo Gavazzi VMU-C EM and VMU-C PV
cisa_ics·2017-01-19
Carlo Gavazzi VMU-C EM and VMU-C PV
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Carlo Gavazzi VMU-C EM and VMU-C PV
Last RevisedJanuary 19, 2017
Alert CodeICSA-17-012-03
## CVSS V3 10
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Carlo Gavazzi
Equipment: VMU-C EM, VMU-C PV
Vulnerabilities: Access Control Flaws, CSRF, Sensitive Information Stored In Clear Text
## AFFECTED PRODUCTS
Carlo Gavazzi reports that the vulnerabilities affect the following versions:
- VMU-C EM prior to firmware Version A11_U05, and
- VMU-C PV prior to firmware Version A17
## IMPACT
Successful exploitation of these vulnerabilities could allow the attacke
GHSA
GHSA-c93j-r7rc-86j9: An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17
ghsa_unreviewed·2022-05-17
CVE-2017-5146 [HIGH] CWE-200 GHSA-c93j-r7rc-86j9: An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
No detection rules found.
No writeups or analysis indexed.
2017-02-13
Published