ICSA-16-292-01  ·  Published 2025-06-05

Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability

CVSS 9.1 CRITICAL

CVEs (1)

Remediations

  • Schneider Electric recommends reducing the attack surface by turning off the web server. With the web server turned off, the information can no longer be unintentionally disclosed. Schneider Electric recommends that users contact its technical support for instructions on turning off the web server. A firmware upgrade to Version 2.651 may be required to enable this functionality.
  • Schneider Electric has developed a patch that fixes this vulnerability. The patch can be downloaded from: http://www.schneider-electric.com/ww/en/download/document/PM8ECC%2Bv2_DOT_652

Affected Vendors

Schneider Electric

Affected Products (1)

Schneider Electric · PowerLogic PM8ECC <=2.651
