Schneider Electric PowerLogic P5
Monitor | 6.1 | ICS-CERT ICSA-24-331-02 | Jun 11, 2024
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric PowerLogic P5 medium voltage protection relays contain a cryptographic weakness (CWE-327) that allows an attacker with physical access to gain full control of the relay or cause it to reboot without authentication. The vulnerability affects PowerLogic P5 version 01.500.104 and prior. Successful exploitation could disable electrical network protection, resulting in loss of fault detection and isolation capabilities. The vulnerability is not remotely exploitable.
What this means
What could happen
An attacker with physical access to the PowerLogic P5 relay could gain full control of the device or cause it to reboot, potentially disabling electrical protection and leaving your distribution network vulnerable to faults or cascading failures.
Who's at risk
Energy sector utilities operating Schneider Electric PowerLogic P5 medium voltage protection relays in distribution substations or control centers should assess their exposure. This relay is critical to electrical network fault detection and isolation. The vulnerability only affects legacy versions (v01.500.104 and prior).
How it could be exploited
An attacker must physically access the relay. They can then exploit a cryptographic weakness (CWE-327) to manipulate the device firmware or memory, either rebooting it or executing arbitrary commands that alter or disable protective functions.
Prerequisites
- Physical access to the PowerLogic P5 relay
- No authentication required
- Device must be operational but does not need to be in any specific mode
- Physical access required
- No authentication needed
- Low complexity exploitation
- Affects protection/safety systems
- No patch available for legacy versions
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
PowerLogic P5 v01.500.104 and prior | ≤ 01.500.104 | Wave 4.2.3 P5L30
Remediation & Mitigation
Do now
HARDENING: Install physical controls to restrict unauthorized personnel access to the relay. Lock the cabinet housing the device and ensure it is never left in Program mode.
HARDENING: Do not connect programming software to any network other than the isolated control system network intended for the device.
WORKAROUND: Scan all portable media (USB drives, CDs) before use on the isolated control network.
HARDENING: Ensure mobile devices connecting to the control or safety network have not previously connected to other networks, or implement proper sanitation procedures before connection.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update PowerLogic P5 firmware to Wave 4.2.3 P5L30 or later. Contact Schneider Electric Customer Care Center to obtain and apply this firmware update during a scheduled maintenance window.
Long-term hardening
HARDENING: Isolate the control system network and remote devices behind firewalls, separate from the business network.
CVEs (1)