OTPulse

Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters

Plan PatchCVSS 8.8ICS-CERT ICSA-23-229-03May 9, 2023
Schneider ElectricEnergyTransportation
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

This vulnerability affects Schneider Electric PowerLogic power meters due to insufficient encryption of network communications (CWE-319). The ION protocol used by these devices does not encrypt traffic by default, allowing attackers who can intercept network communications to read sensitive operational data such as energy consumption, power quality metrics, and device configuration; modify transmitted data including falsifying meter readings; or disrupt power monitoring and control functions. Affected models include ION7400, PM8000, ION8650, ION8800, and ION9000 series power meters. A secure ION feature is available on some models but requires additional configuration and supporting software.

What this means
What could happen
An attacker could intercept unencrypted network traffic to these power meters, allowing them to read sensitive operational data, disrupt power monitoring and control functions, or inject false readings that affect billing and load management decisions.
Who's at risk
Electric utilities and transportation facilities that operate Schneider Electric PowerLogic power meters (ION7400, PM8000, ION8650, ION8800, ION9000) for energy monitoring and billing. These devices are critical for power quality monitoring, load profiling, and revenue metering in electrical distribution systems.
How it could be exploited
An attacker positioned on the same network as the power meter (or on a network path between the meter and its management system) can capture unencrypted ION protocol traffic. The attacker can then eavesdrop on communications to extract sensitive data or craft and inject forged messages without authentication to modify data or trigger denial of service.
Prerequisites
  • Network access to ION protocol communication path (port/protocol depends on device configuration)
  • No authentication required to read or modify unencrypted traffic
  • Device must be configured to use ION protocol without encryption or secure ION feature disabled
Remotely exploitableNo authentication requiredLow complexity attackNo encryption on ION protocol communicationsION8650, ION8800, and legacy ION products have no vendor fix available
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (12)
6 with fix6 EOL
ProductAffected VersionsFix Status
PowerLogic ION9000<4.0.04.0.0
PowerLogic PM8000<4.0.04.0.0
PowerLogic ION7400<4.0.04.0.0
PowerLogic ION8650 All VersionsAll versionsNo fix (EOL)
PowerLogic ION8800 All VersionsAll versionsNo fix (EOL)
Legacy ION products All VersionsAll versionsNo fix (EOL)
PowerLogic PM8000: < 4.0.0< 4.0.04.0.0
PowerLogic ION8650: *All versionsNo fix (EOL)
Remediation & Mitigation
0/6
Do now
0/3
WORKAROUNDEnable secure ION feature if available and supported on your device model (requires additional configuration and software)
HARDENINGIsolate ION-protocol devices on a separate management network segment behind a firewall; do not expose to untrusted networks or the internet
HARDENINGRestrict network access to power meters to authorized management and monitoring systems only
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

PowerLogic ION9000
HOTFIXUpdate PowerLogic ION9000 to firmware version 4.0.0 or later
PowerLogic ION7400
HOTFIXUpdate PowerLogic ION7400 to firmware version 4.0.0 or later
PowerLogic PM8000
HOTFIXUpdate PowerLogic PM8000 to firmware version 4.0.0 or later
View full CISA ICS-CERT advisory
API: /api/v1/advisories/c03c9675-874d-4f36-98c7-895835e0449e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.