Security News > 2021 > March > Critical Security Hole Can Knock Smart Meters Offline
Critical security vulnerabilities in Schneider Electric smart meters could allow an attacker a path to remote code execution, or to reboot the meter causing a denial-of-service condition on the device.
Schneider Electric's PowerLogic ION/PM smart meter product line, like other smart meters, is used by consumers in their homes, but also by utility companies that deploy these meters in order to monitor and bill customers for their services.
According to Claroty, which originally found the flaws, they stem from the fact that the smart meters communicate using a proprietary ION protocol over TCP port 7700, and packets received by the device are parsed by a state machine function.
"We discovered a bug in the function that is responsible for advancing the parsing buffer, we named this function advance buffer," according to Claroty's analysis.
While researching the different firmware for the smart meters, researchers found that there are two different exploitation paths that arise from improper restriction of operations within a memory buffer, depending on the specific architecture.
The bug tracked as CVE-2021-22713 exists in a number of versions of the PowerLogic ION line of meters, but was assessed a CVSS score of 7.5 because successful exploitation of the versions does not enable remote code execution, and enables only an attacker to force the meter to reboot.
News URL
https://threatpost.com/critical-security-smart-meter-offline/164753/
Related news
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Major security audit of critical FreeBSD components now available (source)
- iOS 18 added secret and smart security feature that reboots iThings after three days (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-22713 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot. | 7.5 |