Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-11


Vulnerabilities in Carlo Gavazzi Energy Monitoring Products
Severity Rating: High
System Affected:

· VMU-C EM prior to firmware version A11_U05, and VMU-C PV prior to firmware version A17

Multiple vulnerabilities have been identified in Carlo Gavazzi Energy Monitoring Products that can allow a remote attacker to gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application.

The vulnerabilities reported are as follows:

· Unauthorized access vulnerability

· Cross-site request forgery vulnerability

· Information-disclosure vulnerability

On successful exploitation of these vulnerabilities, an attacker would be able to change configuration parameters and save the modified configuration.
 
Source:
Solution
Users are advised to apply updates.
More information is available on:
AusCert
 
 
Vendor Information
Carlo Gavazzi

http://www.carlogavazzi.com/

 
CVE Information

CVE-2017-5144
CVE-2017-5145
CVE-2017-5146

 
References
Security Week

http://www.securityweek.com/flaws-found-carlo-gavazzi-energy-monitoring-products?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Security Focus

http://www.securityfocus.com/bid/95411/info

 
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis