Power Logic HDPM6000 High-Density Metering System
Plan Patch | 8.8 | SEVD-2025-014-08 | Jan 14, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in Schneider Electric Power Logic HDPM6000 High-Density Metering System (v0.62.7 and earlier) allow a low-privileged user to escalate privileges and modify system configuration parameters, or allow an unauthenticated user to corrupt data or cause denial of service to the web interface through specially crafted Modbus protocol write operations. The HDPM6000 is a multi-circuit busway and panelboard power meter used for cost and network management in large and critical power applications. Fixed in firmware version 0.62.11 and newer.
What this means
What could happen
A low-privileged user could escalate access to gain higher-level privileges and modify metering system configuration, or an unauthenticated attacker could corrupt data or disable the web interface by sending specially crafted Modbus commands.
Who's at risk
Energy utilities operating Schneider Electric Power Logic HDPM6000 high-density metering systems for power monitoring and management in substations, distribution networks, and critical facilities should prioritize this update. Affected systems control cost tracking and network diagnostics in large-scale electrical infrastructure.
How it could be exploited
An attacker with low-privileged access to the HDPM6000 web interface could exploit an authorization flaw to escalate privileges. Alternatively, an unauthenticated attacker could send a specially crafted Modbus protocol write command to the device's Modbus port to corrupt data or crash the web service.
Prerequisites
- Access to the HDPM6000 web interface (low-privilege user account) for privilege escalation
- Network access to Modbus port (typically 502) for unauthenticated Modbus write attack
remotely exploitable; low complexity; requires low-privilege credentials for one attack path; affects critical energy infrastructure; Modbus protocol commonly used in utility environments
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Power Logic HDPM6000 | v0.62.7 | >=0.62.11
Power Logic HDPM6000 | ≤ 0.62.7 | >=0.62.11
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Modbus port (502) using firewall rules to allow only authorized engineering workstations and automated management systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update HDPM6000 firmware to version 0.62.11 or later
HOTFIX: After firmware update via web interface, device will restart automatically; if using HDPM6000 Manager software, manually restart the device to apply the update
Long-term hardening
HARDENING: Restrict access to the HDPM6000 web interface to low-privilege accounts only where possible, and implement network segmentation to isolate the metering system
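
To check that the Modbus port restriction in the workaround is holding, the following added example (not part of the advisory or of Schneider Electric's tooling) classifies Modbus/TCP request frames and flags write function codes that arrive from hosts outside an allowlist. The allowlisted subnet, the sample frames and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Standard Modbus function codes that modify device state.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x15: "Write File Record",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}

# Assumption: example engineering-workstation subnet, not taken from the advisory.
ALLOWED_WRITERS = [ipaddress.ip_network("10.20.30.0/28")]

def parse_mbap(frame: bytes):
    """Return (transaction_id, unit_id, function_code), or None if the MBAP
    header is inconsistent (protocol id != 0 or length != unit id + PDU)."""
    if len(frame) < 8:  # 7-byte MBAP header + at least a function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length < 2 or length != len(frame) - 6:
        return None
    return tid, unit, frame[7]

def classify(src_ip: str, frame: bytes) -> str:
    """Label one request to TCP/502 as ok, malformed or an unauthorized write."""
    parsed = parse_mbap(frame)
    if parsed is None:
        return "malformed"
    _, _, fc = parsed
    if fc in WRITE_FUNCTIONS:
        src = ipaddress.ip_address(src_ip)
        if not any(src in net for net in ALLOWED_WRITERS):
            return f"unauthorized-write:{WRITE_FUNCTIONS[fc]}"
    return "ok"

# Constructed sample requests (source address, raw Modbus/TCP bytes).
SAMPLES = [
    ("10.20.30.5", bytes.fromhex("000100000006010300000002")),  # read holding regs
    ("10.20.30.5", bytes.fromhex("000200000006010600100001")),  # write, allowed host
    ("192.0.2.44", bytes.fromhex("000300000006010600100001")),  # write, other host
    ("192.0.2.44", bytes.fromhex("0004000000ff0110")),          # length mismatch
]

if __name__ == "__main__":
    for ip, raw in SAMPLES:
        print(ip, classify(ip, raw))
```

Any "unauthorized-write" result for traffic that reached the meter means the port 502 firewall rule is not filtering as intended.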
CVEs (2)
API:
/api/v1/advisories/84ae0f34-9ef1-41e7-809e-1b8b92b32b11