A Weak Cryptography for Passwords issue exists in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ge multilin_sr_750_feeder_protection_relay_firmware |
||
ge multilin_sr_760_feeder_protection_relay_firmware |
||
ge multilin_sr_469_motor_protection_relay_firmware |
||
ge multilin_sr_489_generator_protection_relay_firmware |
||
ge multilin_sr_745_transformer_protection_relay_firmware |
||
ge multilin_sr_369_motor_protection_relay_firmware - |
||
ge multilin_universal_relay_firmware |
||
ge multilin_urplus_d90_firmware - |
||
ge multilin_urplus_c90_firmware - |
||
ge multilin_urplus_b95_firmware - |
Vulmon