OTPulse

Schneider Electric PowerLogic PM55xx and PowerLogic PM8ECC

Plan Patch · CVSS 8.1 · ICS-CERT ICSA-24-331-01 · Jun 8, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Schneider Electric PowerLogic PM55xx power metering devices and the PM8ECC Ethernet communication module contain privilege elevation vulnerabilities (CWE-640, CWE-287) that could result in loss of control of the affected device. The PM5560, PM5561, PM5562, PM5563, and PM8ECC products are affected. Attackers could exploit these vulnerabilities to gain elevated privileges and take control of the metering device.

What this means
What could happen
An attacker could gain elevated privileges on power metering devices, potentially altering energy consumption data, disabling alarms, or taking control of the meter's operations. This could affect billing accuracy and operational visibility into electrical distribution systems.
Who's at risk
Energy utilities and facilities with Schneider Electric PowerLogic PM55xx power metering devices (PM5560, PM5561, PM5562, PM5563) and PM8ECC Ethernet communication modules should be concerned. These devices are used for electrical consumption monitoring and data collection in substations, distribution centers, and large facilities. Any organization relying on accurate power metering data for billing, load management, or operational monitoring is affected.
How it could be exploited
An attacker with network access to the device can exploit the privilege elevation vulnerability to gain elevated privileges without authentication. The vulnerability is reachable over HTTP, allowing remote exploitation from the network. Once exploited, the attacker gains control of the metering device.
Prerequisites
  • Network access to the PowerLogic device on the HTTP port (port 80)
  • Device must have HTTP web service enabled (default configuration)
  • No valid credentials required for exploitation
remotely exploitable · no authentication required · affects power metering and energy visibility · some products have no fix available
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (6)
5 with fix, 1 EOL

Product | Affected Versions | Fix Status
PowerLogic PM5561 | <10.7.3 | 10.7.3
PowerLogic PM5563 | <2.7.8 | 2.8.3
PowerLogic PM5560 | <2.7.8 | 2.8.3
PowerLogic PM5562 v2.5.4 and prior | ≤ 2.5.4 | <4.3.5
PowerLogic PM5562 | <4.3.5 | <4.3.5
PowerLogic PM8ECC All Versions | All versions | No fix (EOL)

Remediation & Mitigation
Do now
WORKAROUND: Block HTTP access to all affected PowerLogic devices at the firewall level or disable the HTTP web service on the device
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

PowerLogic PM5560
HOTFIX: Update PowerLogic PM5560 firmware to version 2.8.3 or later
PowerLogic PM5561
HOTFIX: Update PowerLogic PM5561 firmware to version 10.7.3 or later
PowerLogic PM5562
HOTFIX: Update PowerLogic PM5562 firmware to version 4.3.5 or later
PowerLogic PM5563
HOTFIX: Update PowerLogic PM5563 firmware to version 2.8.3 or later
Mitigations - no patch available
PowerLogic PM8ECC All Versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to power metering devices to authorized management networks only
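
To turn the version table and remediation steps above into a work list, the following added example (not part of the advisory or any vendor tooling) triages a meter inventory against the listed versions. The function names, the inventory layout, and the "below-fix" category for firmware that is outside the listed affected range but older than the fixed release are assumptions of this example.

```python
# Added example: triage a meter inventory against this advisory's version table.
import re

# Copied from the advisory: model -> (affected if below, fixed release).
# (None, None) marks the end-of-life product with no fix.
ADVISORY = {
    "PM5560": ((2, 7, 8), (2, 8, 3)),
    "PM5561": ((10, 7, 3), (10, 7, 3)),
    "PM5562": ((4, 3, 5), (4, 3, 5)),
    "PM5563": ((2, 7, 8), (2, 8, 3)),
    "PM8ECC": (None, None),
}

def parse_version(text):
    """Turn '2.7.8' or 'v02.07.08' into (2, 7, 8); raise ValueError otherwise."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(model, firmware):
    """Return (status, action) for one device."""
    model = model.upper().replace("POWERLOGIC", "").strip()
    if model not in ADVISORY:
        return "not-listed", "model is not named in this advisory"
    affected_below, fixed = ADVISORY[model]
    if fixed is None:
        return "eol", "no fix: segment the network and block HTTP to the device"
    try:
        ver = parse_version(firmware)  # numeric tuples, so 10.7.3 > 2.8.3
    except ValueError as exc:
        return "unknown", f"{exc}; verify firmware on the device"
    target = ".".join(map(str, fixed))
    if ver < affected_below:
        return "affected", f"block HTTP now, schedule update to {target} or later"
    if ver < fixed:
        return "below-fix", f"outside listed range but below {target}; schedule update"
    return "ok", f"at or above {target}"

# Constructed sample inventory: (asset tag, model, reported firmware).
INVENTORY = [("MTR-01", "PM5560", "2.7.7"), ("MTR-02", "PowerLogic PM5561", "10.7.3"),
             ("MTR-03", "PM5563", "2.7.9"), ("GW-01", "PM8ECC", "n/a")]

def report(inventory):
    return [(tag, *triage(model, fw)) for tag, model, fw in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(" | ".join(row))
```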