OTPulse
FeedAboutContact

PowerLogic PM5300 Series

Plan Patch7.5SEVD-2024-317-01Nov 12, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A vulnerability exists in PowerLogic PM5300 series power meters with Ethernet functionality that fails to properly handle network requests. An attacker can exploit this by sending malformed Ethernet packets that exhaust the device's network processing resources, causing it to become unresponsive. The vulnerability affects devices used for energy cost tracking and basic network management. Affected versions are PM5320 and PM5340 through version 2.3.8, and PM5341 through version 2.6.6.

What this means
What could happen
An attacker with network access to the power meter can send malicious requests that overwhelm the device's network processing, causing it to stop communicating and lose remote monitoring and control capabilities.
Who's at risk
Energy companies and utilities that rely on PowerLogic PM5320, PM5340, or PM5341 power meters for remote energy monitoring and management should prioritize this update. These meters are commonly deployed in electrical distribution systems where loss of communication affects billing data collection and real-time power analysis.
How it could be exploited
An attacker on the network sends specially crafted requests to the Ethernet interface of the power meter. The device fails to properly handle the requests, consuming resources until it can no longer process legitimate communication attempts, resulting in a denial of service.
Prerequisites
  • Network access to the Ethernet port of the affected power meter
  • No authentication required
remotely exploitableno authentication requiredlow complexitydenial of service impact
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
PowerLogic PM5320≤ 2.3.82.4.0
PowerLogic PM5340≤ 2.3.82.4.0
PowerLogic PM5341≤ 2.6.62.7.0
Remediation & Mitigation
0/3
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

PowerLogic PM5320
HOTFIXUpdate PowerLogic PM5320 to firmware version 2.4.0 or later
PowerLogic PM5340
HOTFIXUpdate PowerLogic PM5340 to firmware version 2.4.0 or later
PowerLogic PM5341
HOTFIXUpdate PowerLogic PM5341 to firmware version 2.7.0 or later
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/6b2ea1a9-7036-4133-a9d3-0fac03ec9e2e
PowerLogic PM5300 Series | CVSS 7.5 - OTPulse