Critical Security Hole Can Knock Smart Meters Offline (Security News, March 2021)
Critical security vulnerabilities in Schneider Electric smart meters could allow an attacker a path to remote code execution, or to reboot the meter causing a denial-of-service condition on the device.
Schneider Electric's PowerLogic ION/PM smart meter product line, like other smart meters, is used by consumers in their homes, but also by utility companies that deploy these meters in order to monitor and bill customers for their services.
According to Claroty, which originally found the flaws, they stem from the fact that the smart meters communicate using a proprietary ION protocol over TCP port 7700, and packets received by the device are parsed by a state machine function.
"We discovered a bug in the function that is responsible for advancing the parsing buffer, we named this function advance buffer," according to Claroty's analysis.
While researching the different firmware for the smart meters, researchers found that there are two different exploitation paths that arise from improper restriction of operations within a memory buffer, depending on the specific architecture.
The bug, tracked as CVE-2021-22713, exists in a number of versions of the PowerLogic ION line of meters, but was assessed a CVSS score of 7.5 because, on those versions, successful exploitation does not enable remote code execution and only allows an attacker to force the meter to reboot.
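As an added illustration of the CWE-119 pattern the advisory names (hypothetical code, not Schneider's ION parser, not Claroty's analysis, and not the actual mechanism of CVE-2021-22713): a packet cursor in C whose buffer-advance routine is written both without and with a bounds check, run over constructed sample packets.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical parse cursor over one received packet (illustrative only). */
typedef struct {
    const uint8_t *data;
    size_t len;   /* bytes actually received */
    size_t pos;   /* parser's current offset */
} parse_buf;

/* Unchecked advance: trusts a length taken from the packet, so pos can pass len. */
static void advance_buffer_unchecked(parse_buf *b, size_t n) {
    b->pos += n;
}

/* Checked advance: refuses to move past the end. Written as n > len - pos
 * rather than pos + n > len so a huge n cannot wrap the sum. */
static bool advance_buffer_checked(parse_buf *b, size_t n) {
    if (n > b->len - b->pos) return false;
    b->pos += n;
    return true;
}

/* Walks records laid out as [type:1][length:1][payload:length]. Returns the
 * record count, or -1 if a record claims more bytes than remain. */
int parse_records(const uint8_t *pkt, size_t pkt_len) {
    parse_buf b = { pkt, pkt_len, 0 };
    int count = 0;
    while (b.pos < b.len) {
        if (b.len - b.pos < 2)
            return -1;                      /* truncated record header */
        size_t payload_len = b.data[b.pos + 1];
        if (!advance_buffer_checked(&b, 2) || !advance_buffer_checked(&b, payload_len))
            return -1;
        count++;
    }
    return count;
}

/* Same walk with the unchecked advance; reports whether the cursor ended past
 * the buffer. The header read is guarded only so this demo never reads outside pkt. */
bool unchecked_cursor_overruns(const uint8_t *pkt, size_t pkt_len) {
    parse_buf b = { pkt, pkt_len, 0 };
    while (b.pos + 1 < b.len) {
        size_t payload_len = b.data[b.pos + 1];
        advance_buffer_unchecked(&b, 2 + payload_len);
    }
    return b.pos > b.len;
}

/* Constructed sample packets, not captured ION traffic. */
const uint8_t good_pkt[] = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x01, 0xCC };
const uint8_t bad_pkt[]  = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x10, 0xCC };
```

The second record of `bad_pkt` claims 16 payload bytes when one remains; the checked parser rejects it, while the unchecked walk leaves the cursor well past the end of the buffer.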
News URL: https://threatpost.com/critical-security-smart-meter-offline/164753/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2021-03-11 | CVE-2021-22713 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products. A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notification for affected versions), which could cause the meter to reboot. | 7.8