19 matches found
GE Multilin UR Family Inadequate Encryption Strength (CVE-2013-2566)
Prior to UR firmware Version 8.1x, UR supported various encryption and MAC algorithms for SSH communication, some of which are weak. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
GE UR family Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-27424)
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a Last-key pressed MODBUS register can be used to gain unauthorized information. This plugin only works with Tenable.ot. Please visit...
GE UR family Insecure Default Variable Initialization (CVE-2021-27426)
GE UR IED firmware versions prior to version 8.1x with Basic security variant does not allow the disabling of the Factory Mode, which is used for servicing the IED by a Factory user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
GE Multilin UR Family Inadequate Encryption Strength (CVE-2016-2183)
Prior to UR firmware Version 8.1x, UR supported various encryption and MAC algorithms for SSH communication, some of which are weak. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
GE UR family Improper Input Validation (CVE-2021-27420)
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
GE UR family Improper Input Validation (CVE-2021-27418)
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...
GE UR family Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-27422)
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
GE UR family Unrestricted Upload of File with Dangerous Type (CVE-2021-27428)
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...
Command injection
A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...
CVE-2017-7905
A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...
CVE-2017-7905
A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...
CVE-2017-7905
The CVE covers a weakness in cryptographic handling of passwords in GE Multilin protection relays (SR series, UR/URPlus). A non-random initialization vector was used for ciphertext passwords, making them vulnerable to dictionary attacks. Password ciphertext could be obtained from the front LCD or...
GE Multilin UR / URPlus / B95Plus Relay Web Interface Detection
Binary data scadagemultilinprotectionrelaywebdetect.nbin...
GE Multilin UR / URPlus / B95Plus Protection Relay Cryptographic Algorithm Weakness Information Disclosure (UR-2017-0001)
Binary data scadagemultilinprotectionrelayUR-2017-0001.nbin...
GE Multilin SR Relay Unauthorized Access Vulnerability
The 750 Feeder/760 Feeder/469 Motor/489 Generator/745 Transformer/369 Motor are all GE relays. An unauthorized access vulnerability exists in the GE Multilin SR relays, which could allow an attacker to gain unauthorized access to the GE Multilin SR series of relay products by brute-force cracking...
GE Multilin SR Protective Relays
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR Protective Relays Vulnerabilities: Weak Cryptography for Passwords AFFECTED PRODUCTS The following versions of Multilin SR protective relays are affected: 750 Feeder Protection Relay, firmwar...
GE Multilin SR, UR, and URplus Protective Relays (Update B)
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR, UR, and URplus Protective Relays Vulnerabilities: Weak Cryptography for Passwords UPDATED INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-117-01A GE...
GE Multilin SR, UR, and URplus Protective Relays (Update A)
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR, UR, and URplus Protective Relays Vulnerabilities: Weak Cryptography for Passwords UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-117-01 GE...
GE Multilin N60 Universal Relay Web Management UI Version Detection
Binary data 9493.prm...