ICSA-25-028-02  ·  Published 2025-01-28  ·  View on CISA ICS-CERT

Schneider Electric Power Logic

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to modify data or cause a denial-of-service condition on web interface functionality.

Remediations

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • (CVE-2024-10497) Schneider Electric Power Logic HDPM6000 Version 0.62.7 only: Version v0.62.11 and newer of HDPM6000 includes a fix for these vulnerabilities and is available for download here. A device restart will occur as part of the firmware update process if conducted through the web user interface. If the upgrade is performed using the HDPM6000 Manager software, the device will need to be restarted manually to apply the update.
  • (CVE-2024-10497) Schneider Electric Power Logic HDPM6000 Version 0.62.7 only: If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: Ensure that the device is not accessible via the HTTPS protocol outside the local network segment by applying appropriate firewall configuration and controls, and that access to the network segment is protected and controlled.
  • (CVE-2024-10498) Schneider Electric Power Logic HDPM6000 Versions 0.62.7 and prior: Version v0.62.11 and newer of HDPM6000 includes a fix for these vulnerabilities and is available for download here. A device restart will occur as part of the firmware update process if conducted through the web user interface. If the upgrade is performed using the HDPM6000 Manager software, the device will need to be restarted manually to apply the update.
  • (CVE-2024-10498) Schneider Electric Power Logic HDPM6000 Versions 0.62.7 and prior: If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: Ensure that the device is not accessible via the Modbus protocol outside the local network segment by applying appropriate firewall configuration and controls, and that access to the network segment is protected and controlled.

For more information, please see Schneider Electric's advisory.
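One way to implement the network-segmentation mitigation above on a Linux router or firewall that separates the local OT segment from the rest of the plant network, written as an added example rather than configuration from the advisory or from Schneider Electric. The device address 10.10.5.20, the segment 10.10.5.0/24, and the use of the standard ports TCP/443 for HTTPS and TCP/502 for Modbus/TCP are assumptions to adjust for your site.

```nftables
# Added example, not from the advisory or the vendor.
# Assumptions (placeholders):
#   - the HDPM6000 is at 10.10.5.20
#   - the local OT segment is 10.10.5.0/24
#   - HTTPS is on TCP/443 and Modbus/TCP on TCP/502 (standard ports)
table inet hdpm6000_isolation {
    set hdpm6000 {
        type ipv4_addr
        elements = { 10.10.5.20 }
    }
    set local_segment {
        type ipv4_addr
        flags interval
        elements = { 10.10.5.0/24 }
    }
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Let replies to already-permitted connections through.
        ct state established,related accept

        # Hosts inside the local segment may reach the meter's web UI and Modbus.
        ip saddr @local_segment ip daddr @hdpm6000 tcp dport { 443, 502 } accept

        # Any other source aimed at the meter's HTTPS or Modbus ports is logged and dropped,
        # so cross-segment attempts show up in the firewall log for monitoring.
        ip daddr @hdpm6000 tcp dport { 443, 502 } log prefix "HDPM6000 blocked: " drop
    }
}
```

Load it with `nft -f <file>` and confirm with `nft list ruleset`; the chain only isolates the two advisory-relevant ports, so a site that already runs a deny-by-default forward policy should fold the accept rule into that policy instead.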

Affected Vendors

Schneider Electric

Affected Products (2)

Schneider Electric · Schneider Electric Power Logic v0.62.7
Schneider Electric · Schneider Electric Power Logic <=v0.62.7

Affected Sectors

Energy
