SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-885434545] Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2016-10-18SOFTWAREPowerLogic PM8ECC He Congwen N/ACVE-2016-5818N/AN/AN/A

Source

						
							
								
#
# Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability
#


### OVERVIEW

Independent researcher He Congwen has identified a hard-coded password vulnerability in Schneider Electric's PowerLogic PM8ECC device. Schneider Electric has produced a patch to mitigate this vulnerability.

This vulnerability could be exploited remotely.





### AFFECTED PRODUCTS

The following PowerLogic PM8ECC versions are affected:

PM8ECC Version 2.651 and older.





### IMPACT

An attacker who exploits this vulnerability would have access to configuration data on the device.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.





### BACKGROUND

Schneider Electric's corporate headquarters is located in Paris, France, and it maintains offices in more than 100 countries worldwide.

The affected product, PowerLogic PM8ECC, is a communications add-on module for the Series 800 PowerMeter. According to Schneider Electric, PowerLogic PM8ECC is deployed in the Commercial Facilities sector. Schneider Electric estimates that this product is used worldwide.





### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW

HARD-CODED PASSWORD

Undocumented hard-coded credentials allow access to the device.
CVE-2016-5818 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).





### VULNERABILITY DETAILS


# EXPLOITABILITY

This vulnerability could be exploited remotely.


# EXISTENCE OF EXPLOIT

No known public exploits specifically target this vulnerability.


# DIFFICULTY

An attacker with a low skill would be able to exploit this vulnerability.




### MITIGATION

Schneider Electric recommends reducing the attack surface by turning off the web server. Turning off the web server will not allow the unintentional information to be disclosed. Schneider recommends users contact technical support at Schneider Electric for instructions to turn off the web server. A firmware upgrade to Version 2.651 may be required to enable this functionality.


Schneider Electric has developed a patch that fixes this vulnerability. The patch can be downloaded here:

http://www.schneider-electric.com/ww/en/download/document/PM8ECC%2Bv2_DOT_652