Schneider Fixes Password Vulnerability

Tuesday, October 18, 2016 @ 02:10 PM gHale

Schneider Electric created a patch to mitigate a hard-coded password vulnerability in its PowerLogic PM8ECC device, according to a report with ICS-CERT.

This vulnerability, discovered by independent researcher He Congwen, is remotely exploitable.


PowerLogic PM8ECC Version 2.651 and older suffer from the vulnerability. An attacker who exploits this vulnerability would have access to configuration data on the device.

Schneider Electric’s corporate headquarters is in Paris, France, and it maintains offices in more than 100 countries worldwide.

The affected product, PowerLogic PM8ECC, is a communications add-on module for the Series 800 PowerMeter. PowerLogic PM8ECC is used in the commercial facilities sector. Schneider Electric said this product is used on a global basis.

The vulnerability consists of undocumented hard-coded credentials that allow access to the device.
CVE-2016-5818 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.1.

No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit this vulnerability.

Schneider Electric recommends reducing the attack surface by turning off the web server. With the web server turned off, the unintended information disclosure cannot occur. Schneider recommends users contact technical support for instructions to turn off the web server. A firmware upgrade to Version 2.651 may be required to enable this functionality.

Click here to download the patch that fixes this vulnerability.