Accuenergy Acuvim II Series AXM-NET Module Vulnerabilities

Plan PatchCVSS 8.6ICS-CERT ICSA-16-105-02Jan 16, 2016

Energy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Acuvim II NET and Acuvim IIR NET firmware versions 3.08 lack proper authentication mechanisms on Modbus TCP and HTTP interfaces. An unauthenticated attacker can access and read sensitive device configuration and power data, or send commands to modify meter settings including scaling factors, calibration, and relay outputs. This allows unauthorized viewing of energy consumption data and potential manipulation of power measurements transmitted to billing and SCADA systems. The vulnerability affects both the web management interface and the Modbus TCP protocol used for remote data collection.

What this means

What could happen

An attacker with network access to an Acuvim II NET module could read sensitive device data and configuration information, or modify device settings and potentially affect power monitoring and measurements in your electrical distribution network.

Who's at risk

This affects energy utilities and facilities that use Acuvim II or Acuvim IIR power meters with NET modules for remote monitoring and billing. These meters are installed on distribution feeders, substations, and large facility switchboards to measure voltage, current, power factor, and energy consumption.

How it could be exploited

An attacker on your network sends unauthenticated requests to the Acuvim II NET module on port 502 (Modbus TCP) or the web interface port. The module accepts the requests without requiring credentials due to missing authentication enforcement, allowing the attacker to read or modify device registers and configuration.

Prerequisites

Network access to the Acuvim II NET module (wired or wireless, depending on your network setup)
No credentials required for exploitation

remotely exploitableno authentication requiredlow complexityno patch available

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

Acuvim II NET Firmware: 3.083.08No fix (EOL)

Acuvim IIR NET Firmware: 3.083.08No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDeploy firewall rules to restrict inbound access to the Acuvim II NET module to only trusted source IP addresses (engineering workstations, SCADA servers)

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: Acuvim II NET Firmware: 3.08, Acuvim IIR NET Firmware: 3.08. Apply the following compensating controls:

HARDENINGImplement network segmentation: isolate Acuvim II NET modules on a separate VLAN accessible only to authorized energy management systems and engineering workstations

HARDENINGDisable or restrict access to unnecessary ports and services on the device if possible through device configuration menus

HARDENINGMonitor Modbus TCP traffic to and from the module for unauthorized queries or write operations

CVEs (2)

CVE-2016-2293 CVE-2016-2294

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/39d5b157-2585-47ef-9371-44c221431c33

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.