Security News > 2021 > March > CISA Warns of Security Flaws in GE Power Management Devices

CISA Warns of Security Flaws in GE Power Management Devices
2021-03-22 20:39

The U.S. Cybersecurity & Infrastructure Security Agency is warning of critical-severity security flaws in GE's Universal Relay family of power management devices.

GE's UR devices are the "Basis of simplified power management for the protection of critical assets," according to the company.

These are computing devices that allow users to control the amount of electrical power consumed by various device.

The UR devices allow the underlying devices to switch into various power modes.

According to an IBM security alert, an affected GE UR family could allow a remote attacker to bypass security restrictions, stemming from insecure default variable initialization in the UR Intelligent Electronic Device component.

SCADA-X, DOE's Cyber Testing for Resilient Industrial Control Systems program, Verve Industrial, and VuMetric reported these flaws to GE. However, after public disclosure of the flaws last week CISA is now urging end users to update their UR devices.


News URL

https://threatpost.com/cisa-security-flaws-ge-power-management/164961/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
GE 164 5 45 37 34 121