V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2017-7905
CVE
Critical

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions …

CVSS
9.8
Critical
EPSS
0.01
p66
Published
2017-01-01
Updated
2017-01-01
Description

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.

Tags · CWE
Pre-auth
CWE-261
CAPEC-55
Affected products
Multilin_sr_369_motor_protection_relay_firmwareMultilin_sr_469_motor_protection_relay_firmwareMultilin_sr_489_generator_protection_relay_firmwareMultilin_sr_745_transformer_protection_relay_firmwareMultilin_sr_750_feeder_protection_relay_firmwareMultilin_sr_760_feeder_protection_relay_firmwareMultilin_universal_relay_firmwareMultilin_urplus_b95_firmwareMultilin_urplus_c90_firmwareMultilin_urplus_d90_firmware
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2017-01-01
Published
2017-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.013 · p66
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-55 · CWE-261
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Ge
Multilin Sr 369 Motor Protection RelayMultilin Sr 369 Motor Protection Relay FirmwareMultilin Sr 469 Motor Protection RelayMultilin Sr 469 Motor Protection Relay FirmwareMultilin Sr 489 Generator Protection RelayMultilin Sr 489 Generator Protection Relay FirmwareMultilin Sr 745 Transformer Protection RelayMultilin Sr 745 Transformer Protection Relay FirmwareMultilin Sr 750 Feeder Protection RelayMultilin Sr 750 Feeder Protection Relay Firmware+10
ProductVendorStatus
multilin_sr_369_motor_protection_relay_firmware*Tracked
multilin_sr_469_motor_protection_relay_firmware*Tracked
multilin_sr_489_generator_protection_relay_firmware*Tracked
multilin_sr_745_transformer_protection_relay_firmware*Tracked
multilin_sr_750_feeder_protection_relay_firmware*Tracked
multilin_sr_760_feeder_protection_relay_firmware*Tracked
multilin_universal_relay_firmware*Tracked
multilin_urplus_b95_firmware*Tracked
multilin_urplus_c90_firmware*Tracked
multilin_urplus_d90_firmware*Tracked
Source databases
CVE