Security News > 2021 > June > Vulnerabilities Allow Hackers to Disrupt, Hijack Schneider PowerLogic Devices
Vulnerabilities discovered in some older Schneider Electric PowerLogic products can allow hackers to remotely take control of devices or disrupt them.
Schneider informed customers earlier this month that its PowerLogic EGX100 and EGX300 communication gateways are affected by six types of vulnerabilities that could be exploited to access devices, launch denial-of-service attacks, and for remote code execution.
The issues were discovered in EGX devices, but Schneider has determined that two of the flaws also impact PowerLogic PM55xx power metering devices due to them sharing web server code.
Baines told SecurityWeek that some of the vulnerabilities he discovered could be exploited over the internet - they can be exploited remotely without authentication - and there are a small number of devices that are exposed to the web.
"The more interesting, but more complicated are the vulnerabilities scored 9.8. These all allow an unauthenticated and remote attacker to run arbitrary code on the device. The vulnerabilities are stack based buffer overflows, so writing a full exploit would take effort. While it's possible that could happen, it's unlikely that it actually has or ever will. However, the ability to run code on the device is interesting because it would allow the adversary to alter communication between the connected serial device and the monitoring/control systems."
In the case of PowerLogic PM55xx products, Schneider has started releasing firmware updates that should address the two vulnerabilities affecting these devices.