V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2017-7905
CVE
Critical

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions …

CVSS
9.8
Critical
EPSS
0.01
p66
Published
2017-01-01
Updated
2017-01-01
Description

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.

Tags · CWE
Pre-auth
CWE-261
CAPEC-55
Affected products
Multilin_sr_369_motor_protection_relay_firmwareMultilin_sr_469_motor_protection_relay_firmwareMultilin_sr_489_generator_protection_relay_firmwareMultilin_sr_745_transformer_protection_relay_firmwareMultilin_sr_750_feeder_protection_relay_firmwareMultilin_sr_760_feeder_protection_relay_firmwareMultilin_universal_relay_firmwareMultilin_urplus_b95_firmwareMultilin_urplus_c90_firmwareMultilin_urplus_d90_firmware
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2017-01-01
Published
2017-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.013 · p66
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-55 · CWE-261
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
multilin_sr_369_motor_protection_relay_firmware*Tracked
multilin_sr_469_motor_protection_relay_firmware*Tracked
multilin_sr_489_generator_protection_relay_firmware*Tracked
multilin_sr_745_transformer_protection_relay_firmware*Tracked
multilin_sr_750_feeder_protection_relay_firmware*Tracked
multilin_sr_760_feeder_protection_relay_firmware*Tracked
multilin_universal_relay_firmware*Tracked
multilin_urplus_b95_firmware*Tracked
multilin_urplus_c90_firmware*Tracked
multilin_urplus_d90_firmware*Tracked
Source databases
CVE