Schneider Electric PowerLogic PM5560

Plan PatchCVSS 8.2ICS-CERT ICSA-18-240-03Aug 28, 2018

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

The PowerLogic PM5560 contains a stored cross-site scripting (CWE-79) vulnerability in its web interface. User input is not properly sanitized before being displayed or executed, allowing an attacker to inject malicious code. Successful exploitation could lead to remote code execution, enabling an attacker to manipulate the device, alter power meter readings, change configuration settings, or disrupt energy monitoring operations. The vulnerability affects all PowerLogic PM5560 firmware versions prior to 2.5.4.

What this means

What could happen

An attacker could inject malicious code into the PM5560 web interface, potentially gaining remote code execution on the device. This could allow manipulation of power meter data, alteration of device settings, or denial of service to energy monitoring and control operations.

Who's at risk

Energy utilities operating Schneider Electric PowerLogic PM5560 power quality and power monitoring meters. This affects any organization using these meters for real-time energy monitoring, load profiling, or as part of SCADA/EMS systems that rely on accurate meter data for decision-making.

How it could be exploited

An attacker sends a crafted web request containing malicious input (e.g., JavaScript or command injection) to the PM5560 web interface. If a user visits a malicious link or the attacker can intercept/modify traffic, the injected code executes in the user's browser or on the device itself, depending on how user input is processed and stored.

Prerequisites

Network access to the PM5560 web interface (typically HTTP/HTTPS on port 80/443)
User interaction required: a user must click a malicious link or visit a compromised page hosting the injection payload
The PM5560 must be running firmware version earlier than 2.5.4

remotely exploitablelow complexityuser interaction requiredaffects monitoring/control data integrity

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

PowerLogic PM5560: all< 2.5.42.5.4

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGPlace the PM5560 behind a firewall and restrict access to authorized users only

WORKAROUNDIf remote access is required, use a VPN with current security patches to limit exposure

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade PowerLogic PM5560 firmware to version 2.5.4 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate the PM5560 from the business network and the Internet

CVEs (1)

CVE-2018-7795

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d6538d00-ea01-4bd4-a762-f349d7b2ef0d

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.