critical
9.8
CWE
261 326 330 522
Advisory Published
Updated

CVE-2017-7905: Weak Encryption

First published: Fri Jun 30 2017(Updated: )

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Ge Multilin Sr 750 Feeder Protection Relay Firmware<=5.02
Ge Multilin SR 750 Feeder Protection Relay
GE Multilin SR 760 Feeder Protection Relay Firmware<=5.02
GE Multilin SR 760 Feeder Protection Relay Firmware
Ge Multilin Sr 469 Motor Protection Relay<=2.90
Ge Multilin SR 469 Motor Protection Relay Firmware
Ge Multilin SR 489 Generator Protection Relay<=1.53
Ge Multilin SR 489 Generator Protection Relay
GE Multilin SR 745 Transformer Protection Relay Firmware<=2.85
GE Multilin SR 745 Transformer Protection Relay Firmware
Ge Multilin Sr 369 Motor Protection Relay
Ge Multilin Sr 369 Motor Protection Relay Firmware
Ge Multilin Universal Relay Firmware<=6.0
GE Multilin Universal Relay
Ge Multilin Urplus D90
Ge Multilin Urplus D90 Firmware
Ge Multilin Urplus C90
Ge Multilin Urplus C90 Firmware
Ge Multilin Urplus B95 Firmware
Ge Multilin Urplus B95 Firmware

Remedy

https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2017-7905?

    CVE-2017-7905 has a medium severity rating due to its weak cryptography for passwords in affected GE relay firmware.

  • How do I fix CVE-2017-7905?

    To fix CVE-2017-7905, users should upgrade to firmware version 7.47 or later for affected GE Multilin devices.

  • Which GE devices are affected by CVE-2017-7905?

    CVE-2017-7905 affects GE Multilin SR 750, SR 760, SR 469, SR 489, SR 745, and other specific protection relay firmware versions before specified updates.

  • What is the impact of CVE-2017-7905?

    The impact of CVE-2017-7905 includes potential unauthorized access to system components due to weak password encryption.

  • Is CVE-2017-7905 related to any known exploits?

    As of now, there are no public reports of exploits utilizing CVE-2017-7905, but the vulnerability poses a security risk that should be addressed.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203