Janitza UMG Power Quality Measuring Products Vulnerabilities

Plan PatchCVSS 9.8ICS-CERT ICSA-15-265-03Jun 25, 2015

Energy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Janitza UMG power quality meters contain multiple vulnerabilities affecting authentication, credential storage, and information disclosure. The devices include weaknesses in password management (CWE-521, CWE-259), weak random number generation (CWE-330), improper access controls, cross-site scripting (CWE-79), cross-site request forgery (CWE-352), and information leakage (CWE-200, CWE-215). These weaknesses allow unauthenticated network access to sensitive configuration and operational data, and may permit unauthorized modification of device settings.

What this means

What could happen

An attacker with network access to a Janitza UMG meter could read sensitive power quality data and device configuration, or modify device settings and measurement parameters without authentication, affecting the accuracy of power monitoring and control decisions at your facility.

Who's at risk

Electrical utilities and industrial facilities that use Janitza UMG 508, 509, 511, 604, or 605 power quality meters for monitoring and measurement in substations, distribution systems, or plant electrical networks are affected. These devices measure voltage, current, frequency, and power quality parameters used for equipment protection and operational decision-making.

How it could be exploited

An attacker on your network could send HTTP requests directly to the UMG device's web interface without credentials to retrieve or modify device configuration, measurement thresholds, and operational parameters. The device's weak authentication and lack of proper access controls allow direct manipulation of the web application.

Prerequisites

Network access to the UMG device's IP address and port (typically HTTP/HTTPS port)
No valid credentials required for exploitation

remotely exploitableno authentication requiredlow complexityno patch availableaffects power distribution/monitoring

Exploitability

Unlikely to be exploited — EPSS score 0.9%

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

UMG 508: vers:all/*All versionsNo fix (EOL)

UMG 509: vers:all/*All versionsNo fix (EOL)

UMG 604: vers:all/*All versionsNo fix (EOL)

UMG 605: vers:all/*All versionsNo fix (EOL)

UMG 511: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict network access to UMG devices using firewall rules—allow only authorized engineering workstations and SCADA/monitoring systems to reach the device's management interface

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor UMG device traffic for unauthorized configuration changes or data access using network detection tools

WORKAROUNDDocument current device settings and establish change control procedures to detect unauthorized modifications

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: UMG 508: vers:all/*, UMG 509: vers:all/*, UMG 604: vers:all/*, UMG 605: vers:all/*, UMG 511: vers:all/*. Apply the following compensating controls:

HARDENINGIsolate UMG devices on a segmented network or VLAN separate from general IT networks and untrusted systems

CVEs (7)

CVE-2015-3972 CVE-2015-3973 CVE-2015-3968 CVE-2015-3971 CVE-2015-3970 CVE-2015-3967 CVE-2015-3969

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c3da5a4f-0e94-491a-941d-b7bc3a9c1386

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.