The vulnerability of GE Vernova Intelligent Electronic Devices (IEDs) of the Universal Relay (UR) series, which stems from insufficient verification of data authenticity, allows intruders to circumvent existing security restrictions.

The vulnerability of GE Vernova Intelligent Electronic Devices IEDs from the UR series is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow unauthorized actors to circumvent existing security restrictions remotely...

The vulnerability of the software for configuring and setting up Universal Relay (UR) devices from GE Vernova Enervista UR Setup lies in the authentication procedures’ deficiencies, which allow attackers to influence the integrity of the protected information.

The vulnerability of the software for configuring and setting up devices of the Universal Relay UR series from GE Vernova Enervista UR Setup is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to compromise the integrity of the protected...

The vulnerability of the software for configuring and setting up devices of the UR series from GE Vernova Enervista UR Setup lies in the use of rigidly encrypted credentials. This allows a malicious individual to influence the integrity of the protected information.

The vulnerability of the software for configuring and setting up devices of the Universal Relay UR series from GE Vernova Enervista UR Setup lies in the use of rigidly encrypted credentials. Exploiting this vulnerability could allow an attacker to influence the integrity of the protected...

The vulnerability of the software for configuring and setting up devices of the Universal Relay (UR) series, GE Vernova Enervista UR Setup, stems from the lack of authenticity verification for a critical function. This allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the software for configuring and setting up Universal Relay UR devices from GE Vernova Enervista UR Setup is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability allows an attacker who operates remotely to carry out...

Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of critical security shortcomings in GE's Universal Relay UR family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain...

Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of critical security shortcomings in GE's Universal Relay UR family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain...

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

CVE-2017-7905

The CVE covers a weakness in cryptographic handling of passwords in GE Multilin protection relays (SR series, UR/URPlus). A non-random initialization vector was used for ciphertext passwords, making them vulnerable to dictionary attacks. Password ciphertext could be obtained from the front LCD or...