OTPulse
FeedAboutContact

PowerLogic P5

Monitor6.1SEVD-2024-163-02Jun 11, 2024
Attack VectorPhysical
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A cryptographic weakness (CWE-327) in PowerLogic P5 medium-voltage protection relays allows an attacker with physical access to gain full control of the device without authentication. Exploitation could result in denial of service, device reboot, or modification of relay protection logic, leading to loss of electrical network protection. PowerLogic P5 firmware versions 01.500.104 and earlier are affected.

What this means
What could happen
An attacker with physical access to the relay could reboot the device, alter its control logic, or disable it entirely—causing loss of electrical protection on medium-voltage circuits and potential cascading outages or equipment damage.
Who's at risk
Electric utilities and industrial facilities using PowerLogic P5 medium-voltage protection relays in substations, switchyards, and distribution networks. Any organization that relies on these relays for electrical circuit protection should prioritize this fix.
How it could be exploited
An attacker with physical access to the PowerLogic P5 relay can exploit a cryptographic weakness (CWE-327) to gain full control of the device without authentication. Once in control, they can modify protection settings, trigger a reboot, or disable protective functions.
Prerequisites
  • Physical access to the PowerLogic P5 relay
  • No credentials or special configuration required
Affects safety-critical protection equipmentNo patch available for affected versions ≤01.500.104Loss of protective relay function could cascade to wider outagesPhysical access required but exploitable without authentication
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
PowerLogic P5≤ 01.500.104Wave 4.2.3 P5L30
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerLogic P5 firmware to Wave 4.2.3 P5L30 or later. Contact Schneider Electric Customer Care Center to obtain and apply the patched firmware.
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/177a086c-f939-4821-9d99-9787e970e480
PowerLogic P5 | CVSS 6.1 - OTPulse