Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Brand Logo
Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
close
  • Community Home
  • Forums
    • By Topic
    • By Topic
      EcoStruxure Building
      • Field Devices Forum
      • SmartConnector Forum
      EcoStruxure Power & Grid
      • Gateways and Energy Servers
      • Metering & Power Quality
      • Protection & Control
      APC UPS, Critical Power, Cooling and Racks
      • APC UPS Data Center & Enterprise Solutions Forum
      • APC UPS for Home and Office Forum
      EcoStruxure IT
      • EcoStruxure IT forum
      • EcoStruxure IT™ Advisor CFD
      Remote Operations
      • EcoStruxure Geo SCADA Expert Forum
      • Remote Operations Forum
      Industrial Automation
      • Alliance System Integrators Forum
      • AVEVA Plant SCADA Forum
      • CPG Expert Forum DACH
      • EcoStruxure Automation Expert / IEC 61499 Forum
      • Fabrika ve Makina Otomasyonu Çözümleri
      • Harmony Control Customization Forum
      • Industrial Edge Computing Forum
      • Industry Automation and Control Forum
      • Korea Industrial Automation Forum
      • Machine Automation Forum
      • Modicon PAC Forum
      • PLC Club Indonesia
      Schneider Electric Wiser
      • Schneider Electric Wiser Forum
      Power Distribution IEC
      • Eldistribution & Fastighetsautomation
      • Elektrik Tasarım Dağıtım ve Uygulama Çözümleri
      • Paneelbouw & Energie Distributie
      • Power Distribution and Digital
      • Solutions for Motor Management
      • Specifiers Club ZA Forum
      • Електропроектанти България
      Power Distribution NEMA
      • Power Monitoring and Energy Automation NAM
      Power Distribution Software
      • EcoStruxure Power Design Forum
      • LayoutFAST User Group Forum
      Energy & Sustainability Services
      • Green Building Scoring and Certification Forum
      Light and Room Control
      • SpaceLogic C-Bus Forum
      Solutions for your Business
      • Solutions for your Business Forum
      Support
      • Ask the Community
  • Knowledge Center
    • Building Automation Knowledge Base
    • Remote Operations Devices Knowledge Base
    • Geo SCADA Knowledge Base
    • Industrial Automation How-to videos
    • Digital E-books
    • Success Stories Corner
    • EcoStruxure IT Help Center
  • Events & Webinars
    • All Events
    • Innovation Talks
    • Innovation Summit
    • Let's Exchange Series
    • Partner Success
    • Process Automation Talks
    • Technology Partners
  • Ideas
    • EcoStruxure Building
      • EcoStruxure Building Advisor Ideas
      Remote Operations
      • EcoStruxure Geo SCADA Expert Ideas
      • Remote Operations Devices Ideas
      Industrial Automation
      • Modicon Ideas & new features
  • Blogs
    • By Topic
    • By Topic
      EcoStruxure Power & Grid
      • Backstage Access Resources
      EcoStruxure IT
      • EcoStruxure IT™ Advisor CFD
      Remote Operations
      • Remote Operations Blog
      Industrial Automation
      • Industrie du Futur France
      • Industry 4.0 Blog
      Power Distribution NEMA
      • NEMA Power Foundations Blog
      Energy & Sustainability Services
      • Active Energy Management Blog
      Light and Room Control
      • KNX Blog
      Knowledge Center
      • Digital E-books
      • Geo SCADA Knowledge Base
      • Industrial Automation How-to videos
      • Remote Operations Devices Knowledge Base
      • Success Stories Corner
  • companyImpact

Important Announcement: Community Back to Full Functionality

Dear Members, we are thrilled to announce that our Community is back to full functionality and that posts publication is now enabled again! We appreciate your patience during the last weeks. Learn more about our Community Guidelines. Thank you, Schneider Electric Community Team.

PM8000 - Perceived security flaws and general security

Metering & Power Quality

Schneider Electric support forum about Power Meters (ION, PowerTag, PowerLogic) and Power Quality from design, implementation to troubleshooting and more.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Communities
  • EcoStruxure Power & Grid
  • Metering & Power Quality
  • PM8000 - Perceived security flaws and general security
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
Charles_Murison
Picard Charles_Murison Picard
299
Ramasamy_N
Commander Ramasamy_N Commander
75
DanL
Captain DanL Captain
72
Robert_Lee
Captain Robert_Lee Captain
67
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to Metering & Power Quality
Solved
Rich_Lannaghan
Commander | EcoXpert Master Rich_Lannaghan Commander | EcoXpert Master
Commander | EcoXpert Master

Posted: ‎2018-10-15 05:43 AM

0 Likes
1
749
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

‎2018-10-15 05:43 AM

PM8000 - Perceived security flaws and general security

 

 We have a client who has done a vulnerability scan on the network where we have a few devices connected to their network (specification was for an integrated building network) the one device that's causing issues for us is the PM8000 and they are classing the below from their reports as flaws or vulerabilities,

 

Vulnerability in bold, suggested remidiation in italics

 

1. IP Forwarding Enabled - "On Linux, you can disable IP forwarding by doing :
echo 0 > /proc/sys/net/ipv4/ip_forward
On Windows, set the key 'IPEnableRouter' to 0 under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0
For other systems, check with your vendor."

2. Modbus/TCP Coil Access - Restrict access to the Modbus port (TCP/502) to authorized Modbus clients

 

3. Modbus/TCP Discrete Input Access - Restrict access to the Modbus port (TCP/502) to authorized Modbus clients.

 

4. Modbus/TCP Device Identification - Restrict access to the Modbus port (TCP/502) to authorized Modbus clients.

 

4. Web Application Potentially Vulnerable to Clickjacking - "Return the X-Frame-Options or Content-Security-Policy (with the 'frame-ancestors' directive) HTTP header with the page's response.This prevents the page's content from being rendered by another site when using the frame or iframe HTML tags."

5. Web Server Transmits Cleartext Credentials - Make sure that every sensitive form transmits content over HTTPS.

We have had discussions with them and highlighetd the fact that we can't run the commands they are suggesting, i also cant see a way of filtering the TCP requests to specific IP's

 

The webserver is easy enough to sort as i can just shut it down on the meter but the others are proving more of an issue, I have suggested that all these should be fixed by them using their firewalls and routed network but that's falling on deaf ears, all i get is "speak to the manufacturer and request a fix"

 

Any ideas or suggestions for a way to try and solve these issues or is there some settings hidden in the PM8000 that we can indeed use to sort the above ?

 

 

Reply
  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
Cliff_Schubert
Lieutenant JG Cliff_Schubert Lieutenant JG
Lieutenant JG

Posted: ‎2018-10-17 11:24 AM . Last Modified: ‎2022-10-18 10:03 PM

0 Likes
0
743
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

‎2018-10-17 11:24 AM

(*this comment and response was also posted in the EcoStruxure Power Monitoring Expert area - https://community.se.com/t5/EcoStruxure-Power-Monitoring/PM8000-Perceived-security-flaws-and-general...)

 

Hi Rich,

 

#1 IP forwarding is fixed in PM8000 firmware version 1.4.3
https://www.schneider-electric.com/en/download/document/PM8000_V001.004.003/

#2-4 - Modbus TCP can be configured to be disabled, read-only mode, and read-write mode. By default it is in read-only mode, set by the 'Allow Modbus Programming' option in the Security Options module.

Can you elaborate more on the end-users' concern with the available options?

#4 - Web page Clickjacking - noted and we are able to confirm the issue.

#5 - HTTPS support is part of the next PM8000 release, tentatively scheduled for early 2019. As you suggest, it can also be disabled if the user is not using that feature.

 

Thanks - Cliff

See Answer In Context

Reply
Reply 1
Cliff_Schubert
Lieutenant JG Cliff_Schubert Lieutenant JG
Lieutenant JG

Posted: ‎2018-10-17 11:24 AM . Last Modified: ‎2022-10-18 10:03 PM

0 Likes
0
744
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

‎2018-10-17 11:24 AM

(*this comment and response was also posted in the EcoStruxure Power Monitoring Expert area - https://community.se.com/t5/EcoStruxure-Power-Monitoring/PM8000-Perceived-security-flaws-and-general...)

 

Hi Rich,

 

#1 IP forwarding is fixed in PM8000 firmware version 1.4.3
https://www.schneider-electric.com/en/download/document/PM8000_V001.004.003/

#2-4 - Modbus TCP can be configured to be disabled, read-only mode, and read-write mode. By default it is in read-only mode, set by the 'Allow Modbus Programming' option in the Security Options module.

Can you elaborate more on the end-users' concern with the available options?

#4 - Web page Clickjacking - noted and we are able to confirm the issue.

#5 - HTTPS support is part of the next PM8000 release, tentatively scheduled for early 2019. As you suggest, it can also be disabled if the user is not using that feature.

 

Thanks - Cliff

Reply
Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

Additional options
You do not have permission to remove this product association.
 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this forum after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2023 Schneider Electric, Inc