CVE-2017-7905: Weak Encryption
First published: Fri Jun 30 2017(Updated: )
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge Multilin Sr 750 Feeder Protection Relay Firmware | <=5.02 | |
| Ge Multilin Sr 750 Feeder Protection Relay | ||
| Ge Multilin Sr 760 Feeder Protection Relay Firmware | <=5.02 | |
| Ge Multilin Sr 760 Feeder Protection Relay | ||
| Ge Multilin Sr 469 Motor Protection Relay Firmware | <=2.90 | |
| Ge Multilin Sr 469 Motor Protection Relay | ||
| Ge Multilin Sr 489 Generator Protection Relay Firmware | <=1.53 | |
| Ge Multilin Sr 489 Generator Protection Relay | ||
| Ge Multilin Sr 745 Transformer Protection Relay Firmware | <=2.85 | |
| Ge Multilin Sr 745 Transformer Protection Relay | ||
| Ge Multilin Sr 369 Motor Protection Relay Firmware | ||
| Ge Multilin Sr 369 Motor Protection Relay | ||
| Ge Multilin Universal Relay Firmware | <=6.0 | |
| Ge Multilin Universal Relay | ||
| Ge Multilin Urplus D90 Firmware | ||
| Ge Multilin Urplus D90 | ||
| Ge Multilin Urplus C90 Firmware | ||
| Ge Multilin Urplus C90 | ||
| Ge Multilin Urplus B95 Firmware | ||
| Ge Multilin Urplus B95 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ge
- canonical/ge multilin sr 750 feeder protection relay firmware
- version/ge multilin sr 750 feeder protection relay firmware/5.02
- canonical/ge multilin sr 750 feeder protection relay
- canonical/ge multilin sr 760 feeder protection relay firmware
- version/ge multilin sr 760 feeder protection relay firmware/5.02
- canonical/ge multilin sr 760 feeder protection relay
- canonical/ge multilin sr 469 motor protection relay firmware
- version/ge multilin sr 469 motor protection relay firmware/2.90
- canonical/ge multilin sr 469 motor protection relay
- canonical/ge multilin sr 489 generator protection relay firmware
- version/ge multilin sr 489 generator protection relay firmware/1.53
- canonical/ge multilin sr 489 generator protection relay
- canonical/ge multilin sr 745 transformer protection relay firmware
- version/ge multilin sr 745 transformer protection relay firmware/2.85
- canonical/ge multilin sr 745 transformer protection relay
- canonical/ge multilin sr 369 motor protection relay firmware
- canonical/ge multilin sr 369 motor protection relay
- canonical/ge multilin universal relay firmware
- version/ge multilin universal relay firmware/6.0
- canonical/ge multilin universal relay
- canonical/ge multilin urplus d90 firmware
- canonical/ge multilin urplus d90
- canonical/ge multilin urplus c90 firmware
- canonical/ge multilin urplus c90
- canonical/ge multilin urplus b95 firmware
- canonical/ge multilin urplus b95