CVE-2017-7905
Published Jun 30, 2017
Last updated 5 years ago
Overview
- Description
- A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_sr_750_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9CDB455-F6F8-4976-95D2-88D21720DE88",
"versionEndIncluding": "5.02"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_sr_750_feeder_protection_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6E636C33-148B-4C26-96B3-CA0D1575C26D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_sr_760_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDE8714B-96AC-4A85-ADCC-D00F54803596",
"versionEndIncluding": "5.02"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_sr_760_feeder_protection_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "22504FF2-C1B7-406C-B253-ED7982A624D5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_sr_469_motor_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9928DE28-CE5A-4AC2-A956-D128764720BA",
"versionEndIncluding": "2.90"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_sr_469_motor_protection_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D6A23088-B5C4-4B0A-9E92-12946555C8A0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_sr_489_generator_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8766AA67-18A8-4440-BED6-E6BBDF3EF78D",
"versionEndIncluding": "1.53"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_sr_489_generator_protection_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E899C89E-89EE-4FC1-809D-E6DB04989B28"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_sr_745_transformer_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F032369D-581E-4FCA-85CA-B932CB1E821D",
"versionEndIncluding": "2.85"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_sr_745_transformer_protection_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DA36A160-426F-4911-9CF3-28E496AEDDB7"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_sr_369_motor_protection_relay_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32F15979-2C0D-4DD6-BA35-C5300EEF752D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_sr_369_motor_protection_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1CA749D2-FCF4-4936-84AA-EF317BB6DEEB"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_universal_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C329C25F-D48E-4B39-8FDB-88CE14E1D285",
"versionEndIncluding": "6.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_universal_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "84392E96-D1C4-438C-ABA9-DE1384623D5A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_urplus_d90_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36F9ACC9-EDE7-42E8-AF34-057EA862147D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_urplus_d90:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3C697E8E-28F2-43F9-9B7D-0BF939B2F220"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_urplus_c90_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBEF4ACF-7851-4EA2-B6E8-D60DB0BC660B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_urplus_c90:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E16FE6EA-BB44-4B73-BFA5-30E1ADF5D522"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_urplus_b95_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11D188B6-4ADD-4FA6-9FF4-35B813911398"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_urplus_b95:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "93C57507-A23D-4DF7-9D9B-3531F2235132"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]