PM8000 Meter Vulnerability

PM8k Meters with cybersecurity vulnerability

Monday April 10th, 2020 – As part of our focused service, APT is helping customers resolve a cybersecurity vulnerability with Schneider Electric PM8000 series meters.

What’s the problem? – These advanced meters unfortunately are manufactured with a chipset software flaw (Wind River’s VxWorks TCP/IP Stack with an exploit that targets the URGENT/11 vulnerabilities) that can result in hackers taking over the meter on your network to run their malicious code. This has the potential for wide-ranging impact across multiple IT and industrial applications. The manufacturer (Schneider Electric) recommends customer IT organizations update the firmware as soon as possible. Schneider has provided updated firmware for these meters, but leaves upgrading the firmware to the customer.

APT tested processes for upgrading the firmware on these PM8000 meters and found the best practice is to physically connect directly to each meter’s communication port and update all the device firmware packages directly.  This work takes 2-4 hours per meter depending on connection and physical access.

PM8000 Meter Firmware Update

So how do you fix it? – APT can help you identify your list of vulnerable meters and provide simple options for resolution:

  1. APT can upgrade one or a few meters per service visit and resolve this over a defined schedule.
  2. APT can train (as part of our service) one of the customer’s available technical resources to perform the firmware upgrades themselves.
  3. APT can handle all the meter firmware upgrades as part of an additional service.

If you have any PM8000 meters and are interested in hardening your electrical distribution system against these threats, contact APT and we’ll get started right away.