Multiple Dangerous Vulnerabilities Found in GE Protection and Control Relays

The US Cyber ​​and Infrastructure Security Agency (CISA) and GE Grid Solutions have informed organizations using GE Universal Relay (UR) protection and control relays that a number of devices in this line contain multiple vulnerabilities .

Grid Solutions is a division of GE Renewable Energy that provides energy management solutions for the energy sector as well as industrial and infrastructure organizations.

The issues are related to incorrect message encryption, disclosure of potentially confidential information, cross-site scripting (XSS) attacks, denial of service (DoS) attacks, unauthorized downloading malicious firmware, inability to disable factory maintenance mode, and having encrypted credentials in the bootloader. More than half of the vulnerabilities have a high or critical severity rating. Exploitation of vulnerabilities requires direct or network access to the target system.

GE representatives say they are currently unaware of any attacks that exploit these vulnerabilities. Issues have been fixed in GE Firmware UR 8.10 and earlier.

Previous Post Next Post