OT Vulnerabilities Identified in Schneider Electric ION and PowerLogic
Take action: OT patching is a long and arduous process. The usual measure is isolation from the internet into a special closed network. Nevertheless, consider persuading management to plan updates of meters as they are rotated for service, or even onsite if possible.
Learn More
Schneider Electric has reported a patched critical vulnerability in it's Schneider Electric ION and PowerLogic product lines.
The vulnerability is tracked as CVE-2022-46680, impacts the power meters’ ION/TCP protocol implementation, which transmits a user ID and password in plaintext with every message, thus exposing them to an attacker that can passively intercept traffic.
Affected Product & Version Remediation
- PowerLogic ION9000 - Patch to Version 4.0.0 and newer of the PowerLogic ION9000 firmware
- PowerLogic ION7400 - Patch to Version 4.0.0 and newer of the PowerLogic ION7400 firmware
- PowerLogic PM8000 - Patch to Version 4.0.0 and newer of the PowerLogic PM8000 firmware
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploit:
- Ensure devices that support ION protocol are not exposed to the Internet or other untrusted networks. Apply the best practices for network hardening documented in product user guide and the Schneider Electric Recommended Cybersecurity Best Practices
- To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service.
Security researchers have observed between 2,000 and 4,000 exposed devices, emphasizing the importance of patching and securing these systems.
An attacker who obtains ION or PowerLogic credentials can authenticate to the ION/TCP engineering interface as well as SSH and HTTP interfaces to change energy monitor configuration settings and potentially modify firmware. Most Schneider Electric meters expose the Telnet protocol.
