cvelistv5 - cve-2017-7905

CVE-2017-7905 (GCVE-0-2017-7905)

Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 16:19

Summary

Severity ?

No CVSS data available.

CWE

CWE-261

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	GE Multilin SR, UR, and URplus Protective Relays	Affected: GE Multilin SR, UR, and URplus Protective Relays

GHSA-J9FV-W27P-6G89

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-261",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-30T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.",
  "id": "GHSA-j9fv-w27p-6g89",
  "modified": "2022-05-13T01:36:16Z",
  "published": "2022-05-13T01:36:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7905"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98063"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-17-117-01B

Vulnerability from csaf_cisa - Published: 2017-04-27 00:00 - Updated: 2017-07-25 00:00

Summary

GE Multilin SR, UR, and URplus Protective Relays (Update B)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Critical infrastructure sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Boston, Massachusetts

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "GE",
        "summary": "reporting the vulnerability to ICS-CERT"
      },
      {
        "names": [
          "Anastasis Keliris",
          "Charalambos Konstantinou",
          "Marios Sazos",
          "Dr. Michail (Mihalis) Maniatakos"
        ],
        "organization": "New York University",
        "summary": "initially identifying the vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Boston, Massachusetts",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-117-01B JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-117-01b.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-117-01B Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-117-01b"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-117-01b"
      }
    ],
    "title": "GE Multilin SR, UR, and URplus Protective Relays (Update B)",
    "tracking": {
      "current_release_date": "2017-07-25T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-117-01B",
      "initial_release_date": "2017-04-27T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-04-27T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-117-01 GE Multilin SR Protective Relays"
        },
        {
          "date": "2017-05-18T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-17-117-01A GE Multilin SR, UR, and URplus Protective Relays (Update A)"
        },
        {
          "date": "2017-07-25T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-17-117-01B GE Multilin SR, UR, and URplus Protective Relays (Update B)"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "URplus (D90 C90 B95): all versions",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "URplus (D90 C90 B95)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.27",
                "product": {
                  "name": "MX350 Relay firmware: versions prior to Version 1.27",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MX350 Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.06",
                "product": {
                  "name": "489 Generator Protection Relay firmware: versions prior to Version 4.06",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "489 Generator Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.63",
                "product": {
                  "name": "369 Motor Protection Relay: Version 3.63",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "369 Motor Protection Relay"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.23",
                "product": {
                  "name": "469 Motor Protection Relay firmware: versions prior to Version 5.23",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "469 Motor Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.86",
                "product": {
                  "name": "URplus firmware: Version 1.86",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "URplus firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.63",
                "product": {
                  "name": "369 Motor Protection Relay firmware: versions prior to Version 3.63",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "369 Motor Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 03A02",
                "product": {
                  "name": "T1000 Switch firmware: versions prior to Version 03A02",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "T1000 Switch firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.25",
                "product": {
                  "name": "MM200 Motor Management System firmware: versions prior to Version 1.25",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "MM200 Motor Management System firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.06",
                "product": {
                  "name": "489 Generator Protection Relay: Version 4.06",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "489 Generator Protection Relay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.47",
                "product": {
                  "name": "750 Feeder Protection Relay: Version 7.47",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "750 Feeder Protection Relay"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 6.02 | \u003c= 6.05",
                "product": {
                  "name": "Universal Relay firmware: Version 6.02 to 6.05",
                  "product_id": "CSAFPID-00012"
                }
              }
            ],
            "category": "product_name",
            "name": "Universal Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.29",
                "product": {
                  "name": "RPTCS firmware: versions prior to Version 1.29",
                  "product_id": "CSAFPID-00013"
                }
              }
            ],
            "category": "product_name",
            "name": "RPTCS firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "6.02 (excluding Version 5.83 Version 5.92 and all subsequent minor releases)",
                "product": {
                  "name": "Universal Relay firmware: Version 6.02 (excluding Version 5.83 Version 5.92 and all subsequent minor releases)",
                  "product_id": "CSAFPID-00014"
                }
              }
            ],
            "category": "product_name",
            "name": "Universal Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.83",
                "product": {
                  "name": "Universal Relay firmware: Version 5.83",
                  "product_id": "CSAFPID-00015"
                }
              }
            ],
            "category": "product_name",
            "name": "Universal Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 7.47",
                "product": {
                  "name": "760 Feeder Protection Relay firmware: versions prior to Version 7.47",
                  "product_id": "CSAFPID-00016"
                }
              }
            ],
            "category": "product_name",
            "name": "760 Feeder Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.47",
                "product": {
                  "name": "760 Feeder Protection Relay: Version 7.47",
                  "product_id": "CSAFPID-00017"
                }
              }
            ],
            "category": "product_name",
            "name": "760 Feeder Protection Relay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.03",
                "product": {
                  "name": "B95Plus firmware: Version 1.03",
                  "product_id": "CSAFPID-00018"
                }
              }
            ],
            "category": "product_name",
            "name": "B95Plus firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2.30",
                "product": {
                  "name": "339 Motor Protection Relay firmware: versions prior to Version 2.30",
                  "product_id": "CSAFPID-00019"
                }
              }
            ],
            "category": "product_name",
            "name": "339 Motor Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2.30",
                "product": {
                  "name": "350 Feeder Protection Relay firmware: versions prior to Version 2.30",
                  "product_id": "CSAFPID-00020"
                }
              }
            ],
            "category": "product_name",
            "name": "350 Feeder Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2.30",
                "product": {
                  "name": "345 Transformer Protection Relay firmware: versions prior to Version 2.30",
                  "product_id": "CSAFPID-00021"
                }
              }
            ],
            "category": "product_name",
            "name": "345 Transformer Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.23",
                "product": {
                  "name": "469 Motor Protection Relay: Version 5.23",
                  "product_id": "CSAFPID-00022"
                }
              }
            ],
            "category": "product_name",
            "name": "469 Motor Protection Relay"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.71",
                "product": {
                  "name": "MM300 Motor Management Relay firmware: versions prior to Version 1.71",
                  "product_id": "CSAFPID-00023"
                }
              }
            ],
            "category": "product_name",
            "name": "MM300 Motor Management Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.92",
                "product": {
                  "name": "Universal Relay firmware: Version 5.92",
                  "product_id": "CSAFPID-00024"
                }
              }
            ],
            "category": "product_name",
            "name": "Universal Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 7.47",
                "product": {
                  "name": "750 Feeder Protection Relay firmware: versions prior to Version 7.47",
                  "product_id": "CSAFPID-00025"
                }
              }
            ],
            "category": "product_name",
            "name": "750 Feeder Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.23",
                "product": {
                  "name": "745 Transformer Protection Relay firmware: versions prior to Version 5.23",
                  "product_id": "CSAFPID-00026"
                }
              }
            ],
            "category": "product_name",
            "name": "745 Transformer Protection Relay firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.23",
                "product": {
                  "name": "745 Transformer Protection Relay: Version 5.23",
                  "product_id": "CSAFPID-00027"
                }
              }
            ],
            "category": "product_name",
            "name": "745 Transformer Protection Relay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.92",
                "product": {
                  "name": "URplus firmware: Version 1.92",
                  "product_id": "CSAFPID-00028"
                }
              }
            ],
            "category": "product_name",
            "name": "URplus firmware"
          }
        ],
        "category": "vendor",
        "name": "General Electric (GE)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7905",
      "cwe": {
        "id": "CWE-261",
        "name": "Weak Encoding for Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Cipher text versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Cipher text of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.CVE-2017-7905 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012",
          "CSAFPID-00013",
          "CSAFPID-00014",
          "CSAFPID-00015",
          "CSAFPID-00016",
          "CSAFPID-00017",
          "CSAFPID-00018",
          "CSAFPID-00019",
          "CSAFPID-00020",
          "CSAFPID-00021",
          "CSAFPID-00022",
          "CSAFPID-00023",
          "CSAFPID-00024",
          "CSAFPID-00025",
          "CSAFPID-00026",
          "CSAFPID-00027",
          "CSAFPID-00028"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7905"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for 760 Feeder Protection Relay, Version 7.47 is as follows:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/app/downloadfile.aspx?prod=750\u0026type=7\u0026file=2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for 750 Feeder Protection Relay, Version 7.47 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/app/downloadfile.aspx?prod=750\u0026type=7\u0026file=2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for 745 Transformer Protection Relay, Version 5.23 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/app/downloadfile.aspx?prod=745\u0026type=7\u0026file=2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for 489 Generator Protection Relay, Version 4.06 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/app/downloadfile.aspx?prod=489\u0026type=7\u0026file=2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for 469 Motor Protection Relay, Version 5.23 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/app/downloadfile.aspx?prod=469\u0026type=7\u0026file=2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for 369 Motor Protection Relay, Version 3.63 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/app/downloadfile.aspx?prod=369\u0026type=7\u0026file=2"
        },
        {
          "category": "mitigation",
          "details": "GE security advisory, UR-2017-00001 Multilin UR/URPlus Family of Protective Relays, is available at the following location, with a valid account:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/app/ViewFiles.aspx?prod=t60\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "GE had identified additional legacy products that have the same vulnerability as the SR protective relays and in response, has released the following updated firmware versions:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for the MM300 Motor Management Relay, firmware Version 1.71 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fDownloadFile.aspx%3fprod%3dMM300%26type%3d7%26file%3d2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s release notification is as follows:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/products/support/mm300/GER-4807.pdf"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for the MM200 Motor Management System, firmware Version 1.25 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fDownloadFile.aspx%3fprod%3dMm200%26type%3d7%26file%3d3"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s release notification is as follows:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/products/support/mm200/GER-4801.pdf"
        },
        {
          "category": "mitigation",
          "details": "MX350 Relay, firmware versions prior to Version 1.27,",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information about the availability of this firmware version, contact GE\u0027s support:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/multilin/support.aspx"
        },
        {
          "category": "mitigation",
          "details": "RPTCS, firmware versions prior to Version 1.29,",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information about the availability of this firmware version, contact GE\u0027s support:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/multilin/support.aspx"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for the 350 Feeder Protection Relay, firmware Version 2.30 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fDownloadFile.aspx%3fprod%3d350%26type%3d7%26file%3d3"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s release notification is as follows:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/products/support/3Series/GER-4791.pdf"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for the 345 Transformer Protection Relay, firmware Version 2.30, is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fDownloadFile.aspx%3fprod%3d345%26type%3d7%26file%3d2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s release notification is as follows:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/products/support/3Series/GER-4791.pdf"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for the 339 Motor Protection Relay, firmware Version 2.30, is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fDownloadFile.aspx%3fprod%3d339%26type%3d7%26file%3d2"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s release notification is as follows:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/products/support/3Series/GER-4791.pdf"
        },
        {
          "category": "mitigation",
          "details": "GE\u0027s download link for the T1000 Switch, firmware Version 03A02 is as follows (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "http://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fDownloadFile.aspx%3fprod%3dS20-T1000%26type%3d7%26file%3d3"
        },
        {
          "category": "mitigation",
          "details": "GE UR firmware versions 7.xx are not affected. GE has released updates that remove the ability to obtain the password cipher text in the following firmware versions:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "Universal Relay: firmware Version 5.83",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "Universal Relay: firmware Version 5.92",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "Universal Relay: firmware Version 6.02 to 6.05",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "The Universal Relay firmware is available at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "https://www.gegridsolutions.com/app/ViewFiles.aspx?prod=urfamily\u0026type=7"
        },
        {
          "category": "mitigation",
          "details": "GE reports that the URplus platform will have firmware updates released in July 2017 for the following product versions:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "URplus: firmware Version 1.86",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "URplus: firmware Version 1.92",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "B95Plus: firmware Version 1.03",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE recommends that users apply updated firmware versions to affected products, as well as implement the following physical security and network security defensive measures:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "Control access to affected products by keeping devices in a locked and secure environment,",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "Remove passwords when decommissioning devices,",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "Monitor and block malicious network activity, and",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "Implement appropriate network segmentation and place affected devices within the control system network, behind properly configured firewalls. Protection and Control system devices should not be directly connected to the Internet or business networks.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE security advisory, SR-2017-00001 Multilin SR Family of Protective Relays, is available at the following location, with a valid account:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ],
          "url": "https://www.gegridsolutions.com/app/ViewFiles.aspx?prod=750\u0026type=21"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016",
            "CSAFPID-00017",
            "CSAFPID-00018",
            "CSAFPID-00019",
            "CSAFPID-00020",
            "CSAFPID-00021",
            "CSAFPID-00022",
            "CSAFPID-00023",
            "CSAFPID-00024",
            "CSAFPID-00025",
            "CSAFPID-00026",
            "CSAFPID-00027",
            "CSAFPID-00028"
          ]
        }
      ]
    }
  ]
}

GSD-2017-7905

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-7905

Aliases

CVE-2017-7905

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7905",
    "description": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.",
    "id": "GSD-2017-7905"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7905"
      ],
      "details": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.",
      "id": "GSD-2017-7905",
      "modified": "2023-12-13T01:21:06.844039Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-7905",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GE Multilin SR, UR, and URplus Protective Relays",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "GE Multilin SR, UR, and URplus Protective Relays"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-261"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "98063",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98063"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_750_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_750_feeder_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_760_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_760_feeder_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_469_motor_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_469_motor_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_489_generator_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.53",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_489_generator_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_745_transformer_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.85",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_745_transformer_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_369_motor_protection_relay_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_369_motor_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_universal_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_universal_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_urplus_d90_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_urplus_d90:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_urplus_c90_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_urplus_c90:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_urplus_b95_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_urplus_b95:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-7905"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-326"
                },
                {
                  "lang": "en",
                  "value": "CWE-330"
                },
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A"
            },
            {
              "name": "98063",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98063"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:29Z",
      "publishedDate": "2017-06-30T03:29Z"
    }
  }
}

CNVD-2017-07261

Vulnerability from cnvd - Published: 2017-05-23

Title

多款GE产品弱密码漏洞

Description

GE 750 Feeder Protection Relay等都是美国通用电气（GE）公司的继电器产品。多款GE产品中存在安全漏洞，由于程序使用弱密码。攻击者可利用该漏洞获取系统的访问权限。

Severity

高

Patch Name

多款GE产品弱密码漏洞的补丁

Patch Description

GE 750 Feeder Protection Relay等都是美国通用电气（GE）公司的继电器产品。多款GE产品中存在安全漏洞，由于程序使用弱密码。攻击者可利用该漏洞获取系统的访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://www.gegridsolutions.com/

Reference

http://www.securityfocus.com/bid/98063 https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A

Impacted products

Name
['GE 750 Feeder Protection Relay', 'GE 760 Feeder Protection Relay', 'GE 745 Transformer Protection Relay', 'GE 489 Generator Protection Relay', 'GE 469 Motor Protection Relay', 'GE 369 Motor Protection Relay']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98063"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7905",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7905"
    }
  },
  "description": "GE 750 Feeder Protection Relay\u7b49\u90fd\u662f\u7f8e\u56fd\u901a\u7528\u7535\u6c14\uff08GE\uff09\u516c\u53f8\u7684\u7ee7\u7535\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eGE\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u5f31\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Anastasis Keliris, Charalambos Konstantinou, Marios Sazos, and Dr. Michail (Mihalis) Maniatakos.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.gegridsolutions.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07261",
  "openTime": "2017-05-23",
  "patchDescription": "GE 750 Feeder Protection Relay\u7b49\u90fd\u662f\u7f8e\u56fd\u901a\u7528\u7535\u6c14\uff08GE\uff09\u516c\u53f8\u7684\u7ee7\u7535\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eGE\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u5f31\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eGE\u4ea7\u54c1\u5f31\u5bc6\u7801\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "GE 750 Feeder Protection Relay",
      "GE 760 Feeder Protection Relay",
      "GE 745 Transformer Protection Relay",
      "GE 489 Generator Protection Relay",
      "GE 469 Motor Protection Relay",
      "GE 369 Motor Protection Relay"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/98063\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-05",
  "title": "\u591a\u6b3eGE\u4ea7\u54c1\u5f31\u5bc6\u7801\u6f0f\u6d1e"
}

VAR-201706-0659

Vulnerability from variot - Updated: 2023-12-18 12:44

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. plural General Electric (GE) The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The GE Multilin SR Relay Protector has an unauthorized access vulnerability that allows an attacker to gain access to a user password from a front panel or Modbus command and gain unauthorized access to GE MultilinSR Series Relay Protector products. GE 750 Feeder Protection Relay and others are relay products of General Electric (GE) of the United States. Security vulnerabilities exist in several GE products due to weak passwords used by programs. An attacker could exploit this vulnerability to gain access to the system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0659",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "multilin urplus c90",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": null
      },
      {
        "model": "multilin sr 369 motor protection relay",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": null
      },
      {
        "model": "multilin urplus b95",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": null
      },
      {
        "model": "multilin urplus d90",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": null
      },
      {
        "model": "multilin sr 760 feeder protection relay",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "5.02"
      },
      {
        "model": "multilin sr 750 feeder protection relay",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "5.02"
      },
      {
        "model": "multilin sr 745 transformer protection relay",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "2.85"
      },
      {
        "model": "multilin sr 469 motor protection relay",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "2.90"
      },
      {
        "model": "multilin universal relay",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "6.0"
      },
      {
        "model": "multilin sr 489 generator protection relay",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "1.53"
      },
      {
        "model": "sr 369 motor protection relay",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "sr 469 motor protection relay",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "5.23"
      },
      {
        "model": "sr 489 generator protection relay",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "4.06"
      },
      {
        "model": "sr 745 transformer protection relay",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "5.23"
      },
      {
        "model": "sr 750 feeder protection relay",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "7.47"
      },
      {
        "model": "sr 760 feeder protection relay",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "7.47"
      },
      {
        "model": "universal relay",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "6.0"
      },
      {
        "model": "urplus b95",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "urplus c90",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "urplus d90",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "feeder protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "750\u003c7.47"
      },
      {
        "model": "feeder protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "760\u003c7.47"
      },
      {
        "model": "motor protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "469\u003c5.23"
      },
      {
        "model": "generator protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "489\u003c4.06"
      },
      {
        "model": "transformer protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "745\u003c5.23"
      },
      {
        "model": "feeder protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "750"
      },
      {
        "model": "feeder protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "760"
      },
      {
        "model": "transformer protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "745"
      },
      {
        "model": "generator protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "489"
      },
      {
        "model": "motor protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "469"
      },
      {
        "model": "motor protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "369"
      },
      {
        "model": "multilin sr 489 generator protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "1.53"
      },
      {
        "model": "multilin sr 750 feeder protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "5.02"
      },
      {
        "model": "multilin sr 745 transformer protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "2.85"
      },
      {
        "model": "multilin sr 469 motor protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "2.90"
      },
      {
        "model": "multilin universal relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "6.0"
      },
      {
        "model": "multilin sr 760 feeder protection relay",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "5.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin sr 750 feeder protection relay",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin urplus b95",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin sr 760 feeder protection relay",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin sr 469 motor protection relay",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin sr 489 generator protection relay",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin sr 745 transformer protection relay",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin sr 369 motor protection relay",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin universal relay",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin urplus d90",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "multilin urplus c90",
        "version": null
      },
      {
        "model": "feeder protection relay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7600"
      },
      {
        "model": "feeder protection relay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7500"
      },
      {
        "model": "transformer protection relay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7450"
      },
      {
        "model": "generator protection relay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "4890"
      },
      {
        "model": "motor protection relay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "4690"
      },
      {
        "model": "motor protection relay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "3690"
      },
      {
        "model": "feeder protection relay",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7607.47"
      },
      {
        "model": "feeder protection relay",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7507.47"
      },
      {
        "model": "transformer protection relay",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7455.23"
      },
      {
        "model": "generator protection relay",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "4894.06"
      },
      {
        "model": "motor protection relay",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "4695.23"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "BID",
        "id": "98063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_750_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_750_feeder_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_760_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_760_feeder_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_469_motor_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_469_motor_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_489_generator_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.53",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_489_generator_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_745_transformer_protection_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.85",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_745_transformer_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_sr_369_motor_protection_relay_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_sr_369_motor_protection_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_universal_relay_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_universal_relay:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_urplus_d90_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_urplus_d90:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_urplus_c90_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_urplus_c90:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilin_urplus_b95_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilin_urplus_b95:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Charalambos Konstantinou,Anastasis Keliris, Marios Sazos, and Dr. Michail (Mihalis) Maniatakos.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-7905",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-7905",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-05694",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-07261",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "d9b1473e-6988-4096-86db-42efea36309a",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-116108",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-7905",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-7905",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05694",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07261",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-173",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "d9b1473e-6988-4096-86db-42efea36309a",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-116108",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. plural General Electric (GE) The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The GE Multilin SR Relay Protector has an unauthorized access vulnerability that allows an attacker to gain access to a user password from a front panel or Modbus command and gain unauthorized access to GE MultilinSR Series Relay Protector products. GE 750 Feeder Protection Relay and others are relay products of General Electric (GE) of the United States. Security vulnerabilities exist in several GE products due to weak passwords used by programs. An attacker could exploit this vulnerability to gain access to the system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "BID",
        "id": "98063"
      },
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116108"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7905",
        "trust": 4.4
      },
      {
        "db": "BID",
        "id": "98063",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-117-01A",
        "trust": 2.3
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-117-01",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-117-01B",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "5DD457B7-DA91-43E9-BBCF-14025AD4CF1C",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "D9B1473E-6988-4096-86DB-42EFEA36309A",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-116108",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116108"
      },
      {
        "db": "BID",
        "id": "98063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "id": "VAR-201706-0659",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116108"
      }
    ],
    "trust": 2.5333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:31.794000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.gegridsolutions.com/index.htm"
      },
      {
        "title": "GE Multilin SR Relay Protector Unauthorized Access Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/92971"
      },
      {
        "title": "Patches for multiple GE product weak password vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/94150"
      },
      {
        "title": "Multiple GE Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69825"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-330",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/98063"
      },
      {
        "trust": 2.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01a"
      },
      {
        "trust": 0.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7905"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01b"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7905"
      },
      {
        "trust": 0.3,
        "url": "https://www.gegridsolutions.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116108"
      },
      {
        "db": "BID",
        "id": "98063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116108"
      },
      {
        "db": "BID",
        "id": "98063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-01T00:00:00",
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "date": "2017-05-23T00:00:00",
        "db": "IVD",
        "id": "d9b1473e-6988-4096-86db-42efea36309a"
      },
      {
        "date": "2017-05-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-116108"
      },
      {
        "date": "2017-04-27T00:00:00",
        "db": "BID",
        "id": "98063"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "date": "2017-06-30T03:29:00.890000",
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "date": "2017-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      },
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07261"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-116108"
      },
      {
        "date": "2017-05-02T00:11:00",
        "db": "BID",
        "id": "98063"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005682"
      },
      {
        "date": "2019-10-09T23:29:55.797000",
        "db": "NVD",
        "id": "CVE-2017-7905"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GE Multilin SR Relay Protector Unauthorized Access Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05694"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-173"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-7905

Vulnerability from fkie_nvd - Published: 2017-06-30 03:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/98063	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98063	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A	Patch, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
ge	multilin_sr_750_feeder_protection_relay_firmware	*
ge	multilin_sr_750_feeder_protection_relay	-
ge	multilin_sr_760_feeder_protection_relay_firmware	*
ge	multilin_sr_760_feeder_protection_relay	-
ge	multilin_sr_469_motor_protection_relay_firmware	*
ge	multilin_sr_469_motor_protection_relay	-
ge	multilin_sr_489_generator_protection_relay_firmware	*
ge	multilin_sr_489_generator_protection_relay	-
ge	multilin_sr_745_transformer_protection_relay_firmware	*
ge	multilin_sr_745_transformer_protection_relay	-
ge	multilin_sr_369_motor_protection_relay_firmware	-
ge	multilin_sr_369_motor_protection_relay	-
ge	multilin_universal_relay_firmware	*
ge	multilin_universal_relay	-
ge	multilin_urplus_d90_firmware	-
ge	multilin_urplus_d90	-
ge	multilin_urplus_c90_firmware	-
ge	multilin_urplus_c90	-
ge	multilin_urplus_b95_firmware	-
ge	multilin_urplus_b95	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_sr_750_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CDB455-F6F8-4976-95D2-88D21720DE88",
              "versionEndIncluding": "5.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_sr_750_feeder_protection_relay:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E636C33-148B-4C26-96B3-CA0D1575C26D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_sr_760_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDE8714B-96AC-4A85-ADCC-D00F54803596",
              "versionEndIncluding": "5.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_sr_760_feeder_protection_relay:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22504FF2-C1B7-406C-B253-ED7982A624D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_sr_469_motor_protection_relay_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9928DE28-CE5A-4AC2-A956-D128764720BA",
              "versionEndIncluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_sr_469_motor_protection_relay:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A23088-B5C4-4B0A-9E92-12946555C8A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_sr_489_generator_protection_relay_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8766AA67-18A8-4440-BED6-E6BBDF3EF78D",
              "versionEndIncluding": "1.53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_sr_489_generator_protection_relay:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E899C89E-89EE-4FC1-809D-E6DB04989B28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_sr_745_transformer_protection_relay_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F032369D-581E-4FCA-85CA-B932CB1E821D",
              "versionEndIncluding": "2.85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_sr_745_transformer_protection_relay:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA36A160-426F-4911-9CF3-28E496AEDDB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_sr_369_motor_protection_relay_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F15979-2C0D-4DD6-BA35-C5300EEF752D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_sr_369_motor_protection_relay:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA749D2-FCF4-4936-84AA-EF317BB6DEEB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_universal_relay_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C329C25F-D48E-4B39-8FDB-88CE14E1D285",
              "versionEndIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_universal_relay:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84392E96-D1C4-438C-ABA9-DE1384623D5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_urplus_d90_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F9ACC9-EDE7-42E8-AF34-057EA862147D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_urplus_d90:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C697E8E-28F2-43F9-9B7D-0BF939B2F220",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_urplus_c90_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEF4ACF-7851-4EA2-B6E8-D60DB0BC660B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_urplus_c90:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16FE6EA-BB44-4B73-BFA5-30E1ADF5D522",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_urplus_b95_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11D188B6-4ADD-4FA6-9FF4-35B813911398",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_urplus_b95:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C57507-A23D-4DF7-9D9B-3531F2235132",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de criptograf\u00eda d\u00e9bil para contrase\u00f1as en General Electric (GE) Multilin SR 750 Feeder Protection Relay con versiones de firmware anteriores a la versi\u00f3n 7.47."
    }
  ],
  "id": "CVE-2017-7905",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-30T03:29:00.890",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98063"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-261"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        },
        {
          "lang": "en",
          "value": "CWE-330"
        },
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7905 (GCVE-0-2017-7905)

GHSA-J9FV-W27P-6G89

ICSA-17-117-01B

GSD-2017-7905

CNVD-2017-07261

VAR-201706-0659

FKIE_CVE-2017-7905

Tags

Sightings

Nomenclature