CRITICAL🇬🇧 English

CVE-2017-7905

CVSS 9.8v3.0pub. 2017-06-30upd. 2026-05-13

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ge Multilin Sr 369 Motor Protection Relay

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Sr 369 Motor Protection Relay Firmware

    OS
    Ge
    wszystkie wersje
  • Ge Multilin Sr 469 Motor Protection Relay

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Sr 469 Motor Protection Relay Firmware

    OS
    Ge
    ≤ 2.90
  • Ge Multilin Sr 489 Generator Protection Relay

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Sr 489 Generator Protection Relay Firmware

    OS
    Ge
    ≤ 1.53
  • Ge Multilin Sr 745 Transformer Protection Relay

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Sr 745 Transformer Protection Relay Firmware

    OS
    Ge
    ≤ 2.85
  • Ge Multilin Sr 750 Feeder Protection Relay

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Sr 750 Feeder Protection Relay Firmware

    OS
    Ge
    ≤ 5.02
  • Ge Multilin Sr 760 Feeder Protection Relay

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Sr 760 Feeder Protection Relay Firmware

    OS
    Ge
    ≤ 5.02
  • Ge Multilin Universal Relay

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Universal Relay Firmware

    OS
    Ge
    ≤ 6.0
  • Ge Multilin Urplus B95

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Urplus B95 Firmware

    OS
    Ge
    wszystkie wersje
  • Ge Multilin Urplus C90

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Urplus C90 Firmware

    OS
    Ge
    wszystkie wersje
  • Ge Multilin Urplus D90

    HW
    Ge
    wszystkie wersje
  • Ge Multilin Urplus D90 Firmware

    OS
    Ge
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-5908CRITICAL9.1PL ✓ten sam vendor

Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych

CVE-2022-2848CRITICAL9.1ten sam vendor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2022-2825CRITICAL9.8ten sam vendor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2023-0754CRITICAL9.8ten sam vendor

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to ...

CVE-2023-0755CRITICAL9.8ten sam vendor

The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...