PowerLogic ION8650, PowerLogic ION8800
Monitor | 7.2 | SEVD-2023-318-01 | Nov 14, 2023
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities exist in PowerLogic ION8650 and ION8800 revenue and power quality meters. An attacker with administrative privileges could upload malicious firmware (improper verification of downloads, CWE-494) or inject cross-site scripting code into web pages (CWE-79). Malicious firmware could alter device behavior or meter readings; injected web code could compromise users viewing those pages. These meters are used for utility electrical network monitoring and billing.
What this means
What could happen
An attacker with administrator access could install malicious firmware on the power/revenue meter, changing how it measures or reports electrical data, or inject malicious code into web pages viewed by utility staff to compromise their workstations.
Who's at risk
Electric utilities and municipal power authorities that operate Schneider Electric PowerLogic ION8650 or ION8800 revenue meters for billing and power quality monitoring. These meters are critical to accurate billing and network visibility—compromising them could affect billing accuracy or mask abnormal grid conditions.
How it could be exploited
An attacker with administrative credentials and network access to the meter's web interface could upload compromised firmware (CWE-494) or inject malicious HTML/JavaScript into the meter's web pages (CWE-79). When other users view those web pages, the injected code executes in their browser.
Prerequisites
- Administrator credentials for the ION8650 or ION8800 device
- Network access to the device's web interface (port 80/443 or management interface)
- Ability to upload files or modify web content on the device
- No patch available
- Requires high privilege (administrator) but can severely impact billing and operations
- Low EPSS score but affects critical metering infrastructure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
PowerLogic ION8800 All Versions | All versions | No fix (EOL)
PowerLogic ION8650 All Versions | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the meters using firewalls; only allow connections from authorized utility management networks and engineering workstations
- HARDENING: Place meter installations behind firewalls and isolate them from business networks and the Internet
- HARDENING: Implement physical access controls: lock meters in cabinets and restrict personnel who can access them
- WORKAROUND: Disable programming or upload modes on the meters when not actively needed for maintenance
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HARDENING: Use strong, unique administrator credentials and consider disabling default administrative accounts
- HARDENING: If remote administration is required, require VPN access with multi-factor authentication
CVEs (2)