2016-09-20

By Eduard Kovacs on September 20, 2016

BINOM3, a multifunctional revenue energy meter and power quality analyzer from Russia-based Algoritm, is plagued by several serious vulnerabilities for which patches don’t appear to exist.

The flaws were discovered by security researcher Karn Ganeshen and reported to the vendor via ICS-CERT on May 25. Since the company has not responded to ICS-CERT’s notifications, the expert decided to make his findings public.

According to Ganeshen, the web management portal of BINOM3 devices is affected by both reflected and persistent cross-site scripting (XSS) vulnerabilities, which authenticated and sometimes even unauthenticated attackers can leverage to execute arbitrary JavaScript code by getting the targeted user to click on a link or visit a certain webpage.
