OTPulse

Sensormatic PowerManage (Update A)

Act Now | 10 | ICS-CERT ICSA-22-034-01 | Feb 3, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

PowerManage versions 4.0 through 4.8 contain an input validation flaw (CWE-20) that allows remote code execution without authentication. Successful exploitation gives an attacker complete control over the affected system, enabling manipulation of energy management, process setpoints, and facility operations. This vulnerability is actively exploited in the wild.

What this means
What could happen
An attacker could gain remote code execution on PowerManage servers, allowing them to manipulate energy management systems, alter critical setpoints, or disable monitoring and control capabilities across facility operations.
Who's at risk
Energy sector organizations using Sensormatic PowerManage for facility energy management and control, including utilities, data centers, hospitals, and industrial plants with centralized power monitoring and building automation systems.
How it could be exploited
An attacker with network access to a PowerManage instance (versions 4.0–4.8) can send a specially crafted request to the system without authentication to trigger remote code execution. The system is directly exposed if reachable from an untrusted network.
Prerequisites
  • Network access to the PowerManage system
  • No authentication credentials required
  • Target running PowerManage version 4.0 through 4.8
  • Remotely exploitable
  • No authentication required
  • Low complexity
  • Actively exploited (KEV)
  • EPSS score 94.4% (critical)
  • Affects facility management and energy control systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product: PowerManage
Affected Versions: ≥ 4.0 | ≤ 4.8
Fix Status: 4.10
Remediation & Mitigation
Do now
  • HOTFIX: Upgrade PowerManage to version 4.10 or later immediately
  • HARDENING: Isolate PowerManage systems from the Internet and restrict network access to trusted internal networks only
  • HARDENING: Place PowerManage behind a firewall and implement network segmentation to isolate it from the business network
  • WORKAROUND: If remote access is required, use a VPN with current security updates and restrict access to authorized personnel only