A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGe Multilin Sr 369 Motor Protection Relay
HWGewszystkie wersjeGe Multilin Sr 369 Motor Protection Relay Firmware
OSGewszystkie wersjeGe Multilin Sr 469 Motor Protection Relay
HWGewszystkie wersjeGe Multilin Sr 469 Motor Protection Relay Firmware
OSGe≤ 2.90Ge Multilin Sr 489 Generator Protection Relay
HWGewszystkie wersjeGe Multilin Sr 489 Generator Protection Relay Firmware
OSGe≤ 1.53Ge Multilin Sr 745 Transformer Protection Relay
HWGewszystkie wersjeGe Multilin Sr 745 Transformer Protection Relay Firmware
OSGe≤ 2.85Ge Multilin Sr 750 Feeder Protection Relay
HWGewszystkie wersjeGe Multilin Sr 750 Feeder Protection Relay Firmware
OSGe≤ 5.02Ge Multilin Sr 760 Feeder Protection Relay
HWGewszystkie wersjeGe Multilin Sr 760 Feeder Protection Relay Firmware
OSGe≤ 5.02Ge Multilin Universal Relay
HWGewszystkie wersjeGe Multilin Universal Relay Firmware
OSGe≤ 6.0Ge Multilin Urplus B95
HWGewszystkie wersjeGe Multilin Urplus B95 Firmware
OSGewszystkie wersjeGe Multilin Urplus C90
HWGewszystkie wersjeGe Multilin Urplus C90 Firmware
OSGewszystkie wersjeGe Multilin Urplus D90
HWGewszystkie wersjeGe Multilin Urplus D90 Firmware
OSGewszystkie wersje
Powiązane podatności
Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to ...
The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...