Schneider Electric Patches PowerLogic Smart Meters at Risk to Cyberattacks

The flaws could reportedly affect consumers who have the meters installed in their homes but also utility companies that deploy them to monitor and bill customers. Specifically, the pre-authentication integer-overflow vulnerabilities could allow an attacker to remotely execute code or reboot the meter.

 

The PowerLogic ION7400 smart meter. Image used courtesy of Schneider Electric [PDF]

 

The vulnerabilities have reportedly been patched by Schneider Electric, who has also published related remediations.

 

Smart Meters in Industrial Settings

These devices are increasingly relevant in a growing variety of industrial scenarios, including gas and water applications, energy management, and more. Smart meters present several advantages compared to their legacy counterparts. For example, they allow for real-time billing, fault and load-side demand monitoring and management, theft/tamper detection, and more.

These functionalities enable companies to monitor energy usage, control demand usage by remote connect and disconnect, identify tampering, and raise alarms, help predictive maintenance, among other things.

They also empower customers to perform real-time usage analysis, understand power quality, and promptly act to prevent damages to the system by protecting connected loads in case of overvoltages or overloads.

Because of their numerous advantages, smart meters are growing in popularity, with recent data from MarketWatch estimating an exponential rise in their applications in the next five years.

 

Schneider Electric designs and implements cybersecurity services. Image used courtesy of Schneider Electric

 

However, smart meters are also complex devices whose circuits and operating systems require appropriate protection from a hardware and software perspective. The lack of adequate prevention measures can consequently open the door to vulnerabilities, such as the ones Claroty found in Schneider Electric’s PowerLogic smart meters. 

 

The PowerLogic Smart Vulnerabilities

While researching Schneider Electric’s ION/PM smart meter previous firmware, Claroty found two separate vulnerabilities, assigning them CVSS scores of 9.8 and 7.5. For context, CVSS, or Common Vulnerability Scoring System, refers to an open framework designed to assess the characteristics and severity of software vulnerabilities. According to CVSS, severities scores range from 0 to 10, where 10 represents the highest risk for a vulnerability risk to be exploited.

The first bug found by Claroty relates to what the firms defined as “Improper Restriction of Operations Within a Memory Buffer.” If exploited, this critical integer overflow vulnerability could allow an attacker to send a transmission control protocol (TCP) packet to the device to either cause it to reboot the meter or remotely run personalized code.

This bug affected the ION7400 (prior to V3.0.0), ION9000 (prior to V3.0.0), and PM8000 (prior to V3.0.0) models.

The second vulnerability, on the other hand, was assigned a lower CVSS score as it only allowed potential attackers to restart the meter but not run unauthorized code. The flaw affected several smart meter models, and you can read the complete list in Claroty's report.

 

The Schneider Electric Advisories

To inform the public that Schneider patched the two vulnerabilities in new firmware releases, the company published two advisories on March 9th.

In the first advisory, the electronics manufacturer addressed the flaw Claroty had assigned a CVSS score of 9.8. The document lists the models affected by the bug, then confirms that V3.0.0 of the PowerLogic ION7400, ION9000, and PM8000 firmware (released in July 2020) includes a fix for the vulnerability.

The second advisory follows a similar format, specifying various updates for the affected smart meter vulnerability scored CVSS 7.5. Some of the updates related to this second flaw were released shortly after the Claroty report.