Satel Iberia SenNet Data Logger and Electricity Meters

Act NowCVSS 8.8ICS-CERT ICSA-17-131-02May 11, 2017

Energy

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

SenNet Optimal DataLogger, Multitask Meter, and Solar Datalogger contain a command injection vulnerability (CWE-77) in the network management interface. An authenticated user can execute arbitrary system commands on the device by providing crafted input that is not properly validated. This affects all versions of these three product lines. The vulnerability is remotely exploitable with low skill level and affects energy measurement, data logging, and billing systems used in power distribution environments.

What this means

What could happen

An attacker with valid user credentials could run arbitrary commands on SenNet data loggers and electricity meters, potentially altering energy measurements, falsifying meter readings, or disrupting data collection and monitoring systems that support billing and grid operations.

Who's at risk

Energy utilities operating Satel Iberia SenNet data loggers and electricity meters, including renewable energy installations with solar data loggers. This affects facilities that depend on these devices for energy measurement, billing data collection, and grid monitoring.

How it could be exploited

An attacker with a valid user account credentials can authenticate to the SenNet data logger or meter over the network and execute arbitrary commands due to improper input validation (CWE-77 - Improper Neutralization). This allows the attacker to run system-level commands directly on the device.

Prerequisites

Valid user credentials (engineering or administrative account)
Network access to the SenNet data logger or meter management interface
Device accessible from attacker's network segment or remotely if internet-facing

Remotely exploitableLow complexity attackHigh EPSS score (45.6%)No patch availableRequires valid credentials but credentials may be weak or default

Exploitability

Likely to be exploited — EPSS score 45.6%

Metasploit module available — weaponized exploitView module ↗

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

SenNet Optimal DataLogger: V5.37c-1.43c and prior≤ 5.37c-1.43cNo fix (EOL)

SenNet Multitask Meter: V5.21a-1.18b and prior≤ 5.21a-1.18bNo fix (EOL)

SenNet Solar Datalogger: V5.03-1.56a and prior≤ 5.03-1.56aNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImplement network segmentation to restrict access to SenNet data loggers and meters; allow connections only from authorized engineering workstations and SCADA systems

HARDENINGEnable and enforce strong password policies for all user accounts on SenNet devices; rotate all default and weak credentials immediately

WORKAROUNDDeploy firewall rules to limit inbound network access to these devices; block or restrict access from untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

WORKAROUNDDisable remote management interfaces if not actively required; use out-of-band or serial access instead for administrative tasks

HARDENINGMonitor and log all authentication attempts and command execution on affected devices; alert on unusual user account activity

CVEs (1)

CVE-2017-6048

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/41cf812d-6b5e-4afb-bc66-b35919affd9a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.