Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities
2021-03-23 04:24

The U.S. Cybersecurity and Infrastructure Security Agency has warned of critical security shortcomings in GE's Universal Relay family of power management devices.

"Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory published on March 16.

GE's universal relays enable integrated monitoring and metering and high-speed communications, and offer simplified power management for the protection of critical assets.

The vulnerability is also rated 9.8 out of 10, making it a critical issue.

A second severe vulnerability relates to unused hard-coded credentials in the bootloader binary, which could be exploited by an attacker with physical access to the UR, who "can interrupt the boot sequence by rebooting the UR."

Four other vulnerabilities involve two improper input validations and two flaws concerning exposure of sensitive information to unauthorized parties, thereby exposing the device to cross-site scripting attacks and permitting an attacker to access critical information without authentication and even to render the webserver unresponsive.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/jPOsIkgDITA/critical-flaws-affecting-ges-universal.html