OTPulse

Smartlink, PowerTag, and Wiser Series Gateways

Plan PatchCVSS 7.1SEVD-2020-287-03Oct 13, 2020
Schneider ElectricEnergy
Attack path
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A vulnerability in Schneider Electric Smartlink, PowerTag, and Wiser series gateways stems from insufficient randomization of internal values used for device security (CWE-330). This allows an attacker on the local network to send unauthorized commands without authentication, potentially modifying settings or disrupting operations. Affected products include Acti9 Smartlink SI D, SI B, PowerTag Link/Link HD, Smartlink EL B, Wiser Link, and Wiser Energy. Four product lines cannot be patched and will remain vulnerable.

What this means
What could happen
An attacker on the local network could manipulate electrical distribution settings or stop monitoring on the affected gateway, disrupting visibility into or control of building/grid energy management.
Who's at risk
Energy and facility managers responsible for building automation and electrical distribution monitoring systems. Specifically organizations using Schneider Electric Acti9 Smartlink (SI B, SI D, EL B), PowerTag Link (standard or HD), and Wiser (Link, Energy) gateway products for monitoring and control of circuit breakers, power meters, and distribution boards.
How it could be exploited
An attacker would need network access to the gateway on the local network segment. By exploiting insufficient randomization of internal values, the attacker can bypass security controls to send unauthorized commands that modify device settings or halt operations without authentication.
Prerequisites
  • Local network access to the gateway device
  • No credentials required
  • Device must be reachable on the same network segment
No authentication requiredLocal network access onlyLow complexity attackNo fix available for Smartlink SI B/D and PowerTag Link productsAffects energy management visibility and control
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (6)
3 with fix3 EOL
ProductAffected VersionsFix Status
Wiser Link all<1.5.01.5.0
Wiser Energy all<1.5.01.5.0
Acti9 Smartlink SI D all<002.004.002No fix (EOL)
Acti9 Smartlink SI B all<002.004.002No fix (EOL)
Acti9 PowerTag Link / Link HD all<001.008.007No fix (EOL)
Acti9 Smartlink EL B all<1.2.11.2.1
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGIsolate affected Smartlink SI B/D and PowerTag Link products on a separate network segment—they cannot be patched and should be restricted to essential communication only
WORKAROUNDImplement firewall rules to restrict network access to affected gateways to authorized management interfaces only
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Acti9 Smartlink SI B/D and PowerTag Link products to the latest firmware via EcoStruxure Power Commission installer v.7.0
HOTFIXUpdate Wiser Link and Wiser Energy to firmware version 1.5.0 using the eSetup app
HOTFIXUpdate Acti9 Smartlink EL B to firmware version 1.2.1 using the eSetup app
View full Schneider Electric advisory
API: /api/v1/advisories/9caa9f72-f2d1-4ffe-82e4-cbf8ff12cf93

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.