Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters

Plan Patch8.8ICS-CERT ICSA-23-229-03Aug 17, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

This vulnerability affects Schneider Electric PowerLogic power meters due to insufficient encryption of network communications (CWE-319). The ION protocol used by these devices does not encrypt traffic by default, allowing attackers who can intercept network communications to read sensitive operational data such as energy consumption, power quality metrics, and device configuration; modify transmitted data including falsifying meter readings; or disrupt power monitoring and control functions. Affected models include ION7400, PM8000, ION8650, ION8800, and ION9000 series power meters. A secure ION feature is available on some models but requires additional configuration and supporting software.

What this means

What could happen

An attacker could intercept unencrypted network traffic to these power meters, allowing them to read sensitive operational data, disrupt power monitoring and control functions, or inject false readings that affect billing and load management decisions.

Who's at risk

Electric utilities and transportation facilities that operate Schneider Electric PowerLogic power meters (ION7400, PM8000, ION8650, ION8800, ION9000) for energy monitoring and billing. These devices are critical for power quality monitoring, load profiling, and revenue metering in electrical distribution systems.

How it could be exploited

An attacker positioned on the same network as the power meter (or on a network path between the meter and its management system) can capture unencrypted ION protocol traffic. The attacker can then eavesdrop on communications to extract sensitive data or craft and inject forged messages without authentication to modify data or trigger denial of service.

Prerequisites

Network access to ION protocol communication path (port/protocol depends on device configuration)
No authentication required to read or modify unencrypted traffic
Device must be configured to use ION protocol without encryption or secure ION feature disabled

Remotely exploitableNo authentication requiredLow complexity attackNo encryption on ION protocol communicationsION8650, ION8800, and legacy ION products have no vendor fix available

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (6)

3 with fix3 EOL

ProductAffected VersionsFix Status

PowerLogic PM8000: < 4.0.0< 4.0.04.0.0

PowerLogic ION8650: *All versionsNo fix (EOL)

PowerLogic ION8800: *All versionsNo fix (EOL)

Legacy ION products: *All versionsNo fix (EOL)

PowerLogic ION9000: < 4.0.0< 4.0.04.0.0

PowerLogic ION7400: < 4.0.0< 4.0.04.0.0

Remediation & Mitigation

0/6

Do now

0/3

WORKAROUNDEnable secure ION feature if available and supported on your device model (requires additional configuration and software)

HARDENINGIsolate ION-protocol devices on a separate management network segment behind a firewall; do not expose to untrusted networks or the internet

HARDENINGRestrict network access to power meters to authorized management and monitoring systems only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerLogic ION9000 to firmware version 4.0.0 or later

HOTFIXUpdate PowerLogic ION7400 to firmware version 4.0.0 or later

HOTFIXUpdate PowerLogic PM8000 to firmware version 4.0.0 or later

CVEs (1)

CVE-2022-46680

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c03c9675-874d-4f36-98c7-895835e0449e