CVE-2020-25197: GE Reason RT43X Clocks Code Injection
First published: Fri Mar 18 2022(Updated: )
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge Rt430 Firmware | <08a06 | |
| Ge Rt430 | ||
| Ge Rt431 Firmware | <08a06 | |
| Ge Rt431 | ||
| Ge Rt434 Firmware | <08a06 | |
| Ge Rt434 | ||
| GE RT430, RT431 & RT434: All firmware versions prior to Version 08A06 |
Remedy
GE strongly recommends users of Reason RT43X products update their units to firmware Version 08A06 or greater to resolve these issues. The firmware update addresses both vulnerabilities as described in the Reason RT43X 08A06 Release Notes. Please see GE publication GES-2020-006 (login required) for more details on these issues.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25197?
CVE-2020-25197 is a code injection vulnerability that exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06.
What is the severity of CVE-2020-25197?
CVE-2020-25197 has a severity rating of 8.8 (critical).
How can an attacker exploit CVE-2020-25197?
An authenticated remote attacker can exploit CVE-2020-25197 to execute arbitrary code on the system.
Which software versions are affected by CVE-2020-25197?
Firmware versions prior to 08A06 of GE Reason RT430, RT431 & RT434 GNSS clocks are affected by CVE-2020-25197.
Where can I find more information about CVE-2020-25197?
You can find more information about CVE-2020-25197 at the following references: [Reference 1](https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03), [Reference 2](https://www.gegridsolutions.com/app/DownloadFile.aspx?prod=RT430&type=21&file=5).
- collector/nvd-index
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/ge
- canonical/ge rt430 firmware
- canonical/ge rt430
- canonical/ge rt431 firmware
- canonical/ge rt431
- canonical/ge rt434 firmware
- canonical/ge rt434
- canonical/ge rt430, rt431 & rt434: all firmware versions prior to version 08a06