Smartlink, PowerTag, and Wiser Series Gateways

Plan Patch7.1SEVD-2020-287-03Oct 13, 2020

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in Schneider Electric Smartlink, PowerTag, and Wiser series gateways stems from insufficient randomization of internal values used for device security (CWE-330). This allows an attacker on the local network to send unauthorized commands without authentication, potentially modifying settings or disrupting operations. Affected products include Acti9 Smartlink SI D, SI B, PowerTag Link/Link HD, Smartlink EL B, Wiser Link, and Wiser Energy. Four product lines cannot be patched and will remain vulnerable.

What this means

What could happen

An attacker on the local network could manipulate electrical distribution settings or stop monitoring on the affected gateway, disrupting visibility into or control of building/grid energy management.

Who's at risk

Energy and facility managers responsible for building automation and electrical distribution monitoring systems. Specifically organizations using Schneider Electric Acti9 Smartlink (SI B, SI D, EL B), PowerTag Link (standard or HD), and Wiser (Link, Energy) gateway products for monitoring and control of circuit breakers, power meters, and distribution boards.

How it could be exploited

An attacker would need network access to the gateway on the local network segment. By exploiting insufficient randomization of internal values, the attacker can bypass security controls to send unauthorized commands that modify device settings or halt operations without authentication.

Prerequisites

Local network access to the gateway device
No credentials required
Device must be reachable on the same network segment

No authentication requiredLocal network access onlyLow complexity attackNo fix available for Smartlink SI B/D and PowerTag Link productsAffects energy management visibility and control

Exploitability

Low exploit probability (EPSS 0.6%)

Affected products (6)

3 with fix3 EOL

ProductAffected VersionsFix Status

Wiser Link all<1.5.01.5.0

Wiser Energy all<1.5.01.5.0

Acti9 Smartlink SI D all<002.004.002No fix (EOL)

Acti9 Smartlink SI B all<002.004.002No fix (EOL)

Acti9 PowerTag Link / Link HD all<001.008.007No fix (EOL)

Acti9 Smartlink EL B all<1.2.11.2.1

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGIsolate affected Smartlink SI B/D and PowerTag Link products on a separate network segment—they cannot be patched and should be restricted to essential communication only

WORKAROUNDImplement firewall rules to restrict network access to affected gateways to authorized management interfaces only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Acti9 Smartlink SI B/D and PowerTag Link products to the latest firmware via EcoStruxure Power Commission installer v.7.0

HOTFIXUpdate Wiser Link and Wiser Energy to firmware version 1.5.0 using the eSetup app

HOTFIXUpdate Acti9 Smartlink EL B to firmware version 1.2.1 using the eSetup app

CVEs (1)

CVE-2020-7548

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9caa9f72-f2d1-4ffe-82e4-cbf8ff12cf93