GE Multilin UR / URPlus / B95Plus Protection Relay Cryptographic Algorithm Weakness Information Disclosure (UR-2017-0001)

Medium Nessus Plugin ID 100462

Synopsis

The firmware installed on the remote GE Multilin UR, URPlus, or B95Plus protection relay device is affected by an information disclosure vulnerability.

Description

The firmware version installed on the remote GE Multilin UR, URPlus, or B95Plus protection relay device is affected by an information disclosure vulnerability because ciphertexts are generated using non-random initialization vectors. An unauthenticated, remote attacker can exploit this by conducting a dictionary attack to disclose user passwords.

Solution

Upgrade the firmware on the GE Multilin device:

- UR : 5.83 / 5.92 / 6.02 or later
- URPlus : 1.86 / 1.92 or later
- B95Plus : 1.0.3 or later

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A

http://www.nessus.org/u?f1207203

http://www.nessus.org/u?eacc84fc

Plugin Details

Severity: Medium

ID: 100462

File Name: scada_ge_multilin_protection_relay_UR-2017-0001.nbin

Version: 1.10

Type: remote

Family: SCADA

Published: 2017/05/26

Modified: 2018/05/21

Dependencies: 100463

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/h:ge:multilin_ur, x-cpe:/h:ge:multilin_urplus, x-cpe:/h:ge:multilin_b95plus, x-cpe:/h:ge:multilin_universal_relay

Patch Publication Date: 2017/04/27

Vulnerability Publication Date: 2017/04/27

Reference Information

CVE: CVE-2017-7905

BID: 98063

IAVA: 2017-A-0158

ICSA: 17-117-01A