Security News > 2021 > March > Here's How Security Flaws in GE Relays Could Be Exploited in Real World Attacks
Advisories published this week by the U.S. Cybersecurity and Infrastructure Security Agency and GE Grid Solutions inform customers that more than a dozen UR protection and control relays are impacted by a series of vulnerabilities to which 10 different CVE identifiers have been assigned.
The vendor has released firmware updates that should patch the vulnerabilities.
Ron Brash, director of cyber security insights at ICS management and cybersecurity provider Verve Industrial Protection, told SecurityWeek that he has identified two or possibly three of the vulnerabilities - he says it's difficult to say exactly due to multiple disclosures and some likely overlap.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
Contacted by SecurityWeek, GE said it's currently not aware of any attacks exploiting these vulnerabilities.
"GE was made aware of vulnerabilities related to GE's Grid Solutions' Universal Relay family products and immediately worked to assess any potential impact and remediate the reported vulnerabilities. GE's UR firmware Version 8.10 and greater resolve the identified vulnerabilities, and we encourage our customers to visit the Grid Solutions customer portal and/or the CISA Advisory for additional information and mitigation recommendations," said a GE spokesperson.