ICSA-24-331-01  ·  Published 2024-11-12

Schneider Electric PowerLogic PM55xx and PowerLogic PM8ECC

CVSS 8.1 HIGH

Remediations

  • Version 2.8.3 of the PowerLogic PM5560, 5563, 5580 firmware includes fixes for these vulnerabilities. The version update files are available for download here: https://www.se.com/ww/en/product-range/61281-powerlogicpm5000-power-meters/?parent-subcategoryid=4125&filter=business-2-building-automation-and-control - software-and-firmware
    If customers choose not to apply the remediation provided above, they should immediately apply the following mitigation to reduce the risk of exploit: customers should consider blocking HTTP access to the device at the firewall level or disabling the HTTP web service to reduce the risk of exposure.
  • Version 10.7.3 of the PowerLogic PM5561 firmware includes fixes for these vulnerabilities. The version update files are available for download here: https://www.se.com/ww/en/product-range/61281-powerlogicpm5000-power-meters/?parent-subcategoryid=4125&filter=business-2-building-automation-andcontrol#software-and-firmware
    If customers choose not to apply the remediation provided above, they should immediately apply the following mitigation to reduce the risk of exploit: customers should consider blocking HTTP access to the device at the firewall level or disabling the HTTP web service to reduce the risk of exposure.
  • Version 4.3.5 of the PowerLogic PM5562 firmware includes fixes for these vulnerabilities. The version update files are available for download here: https://www.se.com/ww/en/product-range/61281-powerlogicpm5000/12146169702-basic-multifunction-metering/?selectednode-id=12146169702&N=brand=se%26countrycode=UK%26language-code=en%26node-id=12146169702 - software-and-firmware
    If customers choose not to apply the remediation provided above, they should immediately apply the following mitigation to reduce the risk of exploit: customers should consider blocking HTTP access to the device at the firewall level or disabling the HTTP web service to reduce the risk of exposure.
  • PowerLogic PM8ECC has reached end of service and is no longer supported. Customers should immediately apply the following mitigation to reduce the risk of exploit: customers should consider blocking HTTP access to the device at the firewall level once commissioning is complete to reduce the risk of exposure. Additionally, customers should ensure the General Security Recommendations listed below are in place.

Affected Vendors

Schneider Electric

Affected Products (10)

Schneider Electric · PowerLogic PM5560 <2.7.8
Schneider Electric · PowerLogic PM5561 <10.7.3
Schneider Electric · PowerLogic PM5562 <=2.5.4
Schneider Electric · PowerLogic PM5563 <2.7.8
Schneider Electric · PowerLogic PM8ECC vers:all/*
Schneider Electric · PowerLogic PM5560 2.8.3
Schneider Electric · PowerLogic 5563 2.8.3
Schneider Electric · PowerLogic PM5561 10.7.3
Schneider Electric · PowerLogic PM5562 4.3.5
Schneider Electric · PowerLogic PM5562 <4.3.5

Affected Sectors

Energy
