Security News > 2021 > March > Serious Vulnerabilities Found in Schneider Electric Power Meters
Industrial cybersecurity firm Claroty this week disclosed technical details for two potentially serious vulnerabilities affecting PowerLogic smart meters made by Schneider Electric.
PowerLogic is a line of revenue and power quality meters that are used not only by utilities, but also industrial companies, healthcare organizations, and data centers for monitoring electrical networks.
Researchers at Claroty discovered that some of the PowerLogic ION and PM series smart meters are affected by vulnerabilities that can be exploited remotely by an unauthenticated attacker by sending specially crafted TCP packets to the targeted device.
"These smart meters communicate using a proprietary ION protocol over TCP port 7700, and packets received by the device are parsed by a state machine function," Claroty explained in a blog post.
Some of the impacted power meters will not receive patches as they are no longer supported.
UPDATED: the penultimate paragraph initially mentioned risk to consumer and utilities, but the reference was removed due to PowerLogic meters being part of a B2B offer and not used by consumers.