Schneider Electric s PowerLogic ION/PM smart meter product line is used by consumers in their homes and utility companies. Two vulnerabilities were disclosed this week, present in numerous versions of the products. They stem from the fact that the smart meters communicate using a proprietary ION protocol over TCP port 7700, and packets received by the device are parsed by a state machine function. The bug tracked as CVE-2021-22714 rates 9.8 out of 10 on the CVSS vulnerability-severity scale.
Source: https://threatpost.com/critical-security-smart-meter-offline/164753/