What’s the Problem?
Monday April 10th, 2020 – As part of our focused service, APT helps customers resolve electrical meter cybersecurity vulnerabilities. Recently, Schneider Electric revealed specific vulnerabilities with their PM8000 series meters. So, what does this mean?
Unfortunately, these advanced meters are manufactured with a chipset software flaw, Wind River’s VxWorks TCP/IP Stack, with an exploit that targets the URGENT/11 vulnerabilities. As a result, hackers can take over the meter on your network to run their malicious code. Consequently, this has the potential for a wide-ranging impact across multiple IT and industrial applications.
Schneider Electric (the manufacturer) recommends customers have IT departments update their firmware as soon as possible. Subsequently, Schneider is providing updated firmware for these meters. However, upgrading the firmware is the customer’s responsibility.
Firmware Updates Best Practices
APT tested processes for upgrading the firmware on these PM8000 meters.
Here’s what we found…
- Firstly, you want to physically connect directly to EACH meter’s communication port.
- Secondly, ensure your team updates ALL the device firmware packages.
- Finally, understand that it takes TIME– The updates takes 2-4 hours per meter (depending on the connection and physical access).
What’s the Fix?
APT can help you identify your list of vulnerable meters and provide simple options for resolution:
- Upgrade one or a few meters per service visit and resolve this over a defined schedule.
- Train (as part of our service) one of the customer’s available technical resources to perform the firmware upgrades themselves.
- Handle all the meter firmware upgrades as part of an additional service.
If you have any PM8000 meters and are interested in hardening your electrical distribution system against these threats, contact APT and we’ll get started right away.
Andy Taylor, APT Chief Executive Officer