CISA is warning of vulnerabilities in GE Power Management Devices
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker to conduct multiple malicious activities on vulnerable systems.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of vulnerabilities in GE Power Management Devices that could be exploited by an attacker to conduct multiple malicious activities on systems belonging to the Universal Relay (UR) family.
The flaws could be exploited to access sensitive information, reboot the device, trigger a denial-of-service condition, and gain privileged access.
The types of vulnerabilities affecting the devices are Inadequate Encryption Strength, Session Fixation, Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Insecure Default Variable Initialization, and Use of Hard-coded Credentials.
“Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition,” reads the alert published by CISA.
GE’s UR devices are used to control and protect the power consumption of various devices. The affected UR families are B30, B90, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35, and T60. The vendor released security updates for all these devices and urges customers to update their installations. It also released mitigations to address the flaws.
“GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required),” continues the alert.
via Security Affairs https://ift.tt/2ISWpiN
March 23, 2021 at 06:10AM