BINOM3 Power Quality Meter Holes

Tuesday, September 20, 2016 @ 04:09 PM gHale


There are vulnerabilities affecting the BINOM3 Electric Power Quality Meter, a meter designed for autonomous operation in automated systems, according to a report with ICS-CERT.

The report, released by researcher Karn Ganeshen, found the vulnerabilities are remotely exploitable. This report released after the researcher coordinated with ICS-CERT. However, ICS-CERT unsuccessfully tried to notify the affected vendor of the report.

RELATED STORIES
Trane Fixes Tracer SC Issue
Yokogawa Clears STARDOM Hole
Rockwell Clears Parser Buffer Overflow
ABB Fixes Credential Mgt Vulnerability

ICS-CERT issued an alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

The report included vulnerability details for the following vulnerabilities:
• Reflected and stored Cross-site Scripting
• Clear Text Passwords
• Sensitive information leakage in GET request
• Access Control Issues

The vulnerabilities could lead to Injection of arbitrary Java Script, Privileged access to device and Password authentication not enabled on Telnet Access.

BINOM3 Electric Power Quality Meter products see use in SCADA systems such as automated process control systems.

For details, see the BINOM3 web site.