Security News > 2021 > March > CISA Warns of Security Flaws in GE Power Management Devices
The U.S. Cybersecurity & Infrastructure Security Agency is warning of critical-severity security flaws in GE's Universal Relay family of power management devices.
GE's UR devices are the "Basis of simplified power management for the protection of critical assets," according to the company.
These are computing devices that allow users to control the amount of electrical power consumed by various device.
The UR devices allow the underlying devices to switch into various power modes.
According to an IBM security alert, an affected GE UR family could allow a remote attacker to bypass security restrictions, stemming from insecure default variable initialization in the UR Intelligent Electronic Device component.
SCADA-X, DOE's Cyber Testing for Resilient Industrial Control Systems program, Verve Industrial, and VuMetric reported these flaws to GE. However, after public disclosure of the flaws last week CISA is now urging end users to update their UR devices.
News URL
https://threatpost.com/cisa-security-flaws-ge-power-management/164961/