NCCIC/ICS-CERT is aware of a public report of a cross site request forgery (CSRF) vulnerability with proof-of-concept (PoC) exploit code affecting Schneider Electric’s ION Power Meter products. According to this report, exploitation of this vulnerability can allow unauthorized actions on the device, such as configuration parameter changes and saving modified configuration. This report was released while ICS-CERT was working with Schneider Electric to mitigate the vulnerability. Schneider Electric reports that the vulnerability affects the following products: ION 73xx, ION 75xx, ION 76xx, ION 8650, ION 8800, and PM5xxx. Schneider Electric has identified mitigations for this and other issues and will notify their customers. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
October 18, 2017
November 3, 2017
November 8, 2017
January 10, 2018
- Cybercrime weighs most heavily on financial service firms
- Confidential data stolen from Tesla after staff failed to secure server with password?
- How to delete Windows 10 diagnostic data collected by Microsoft
- Apple fixes ‘killer text bomb’ vulnerability with new update for iOS, macOS, watchOS, and tvOS
- Cryptojacking Scripts Could Soon Invade Your Word Documents