Critical Flaw in GE Protection Relays Exposes Power Grid: Researchers

A critical vulnerability that affects some of GE’s protection relays poses a serious threat to the power grid, researchers have claimed. The vendor has started releasing patches for the security hole.

A team of researchers from New York University said they identified a severe flaw in some of GE’s Multilin SR protection relays, which are widely deployed in the energy sector. The experts will detail and demonstrate an exploit at the upcoming Black Hat conference in Las Vegas, but they have shared some information on their findings.

“Essentially, we completely broke the home brew encryption algorithm used by these protection and management devices to authenticate users and allow privileged operations,” the experts wrote in their abstract for the conference. “Knowledge of the passcode enables an attacker to completely pwn the device and disconnect sectors of the power grid at will, locking operators out to prolong the attack.”

In an advisory published on Thursday, ICS-CERT said the remotely exploitable vulnerability, tracked as CVE-2017-7905, is related to the use of non-random initialization vectors when encrypting passwords, which exposes them to dictionary attacks.

An attacker who can obtain the password — either from the front LCD panel or via Modbus commands — can hijack the affected device.
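The advisory's point is that encrypting low-entropy secrets such as passwords under a fixed initialization vector makes the ciphertext deterministic, so a precomputed dictionary of ciphertexts maps straight back to the password. The following is an added example, not code from the article, GE or ICS-CERT: it uses a constructed SHA-256-based toy cipher (not the relay's algorithm) to show a defender's check for deterministic password storage, and why the check fails for a fixed IV and passes for a per-record random IV.

```python
import hashlib
import secrets
from typing import Callable, Iterable, Optional

# Constructed stand-in cipher: a keystream derived from SHA-256 over
# (key || iv || block counter), XORed with the plaintext. It is NOT the GE
# algorithm; it only makes the role of the initialization vector visible.
KEY = b"constructed-demo-key"
FIXED_IV = bytes(16)  # the weak pattern: every password encrypted under one IV

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, iv, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def store_fixed_iv(password: str) -> bytes:
    # Same IV every time, so equal passwords always yield equal ciphertexts.
    return encrypt(KEY, FIXED_IV, password.encode())

def store_random_iv(password: str) -> bytes:
    # Fresh IV per encryption, prepended so the record can still be decrypted.
    iv = secrets.token_bytes(16)
    return iv + encrypt(KEY, iv, password.encode())

Store = Callable[[str], bytes]

def is_deterministic(store: Store, probe: str = "probe-value") -> bool:
    """Defender's check: if two encryptions of the same input collide, the
    store leaks equality and can be matched against a precomputed table."""
    return store(probe) == store(probe)

def table_lookup(store: Store, stored: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Build a ciphertext->word table with the same store and look up `stored`;
    this succeeds only when the store is deterministic."""
    table = {store(word): word for word in wordlist}
    return table.get(stored)

# Constructed sample wordlist for the demonstration.
WORDLIST = ["admin", "password", "relay123", "operator"]

if __name__ == "__main__":
    print("fixed IV deterministic:", is_deterministic(store_fixed_iv))
    print("random IV deterministic:", is_deterministic(store_random_iv))
```

A random IV removes the precomputation shortcut but still stores a reversible form of the password; for stored credentials the sound construction is a salted, iterated password hash (for example `hashlib.pbkdf2_hmac`) rather than encryption at all.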

ICS-CERT reported that the flaw affects the 750 and 760 Feeder Protection Systems, 369 and 469 Motor Protection Relays, 745 Transformer Protection Relays, and 489 Generator Protection Relays.

GE has already released firmware updates that address the vulnerability for most of these devices, except for 369 Motor Protection Relays, for which patches are expected to become available in June.

The vendor has also advised users to follow physical and network security best practices to prevent exploitation of the flaw, including keeping the devices in a secure environment, removing passwords for decommissioned devices, implementing network segmentation, and monitoring the network for malicious activity.

GE has released an advisory, but it’s only available to customers. The company told SecurityWeek that the affected products are “a limited family of legacy GE products that were developed in the 1990s before current industry expectations for security.” GE said it was not aware of any incidents where the security hole had been exploited.

While the recent disruptions to Ukraine’s energy supply have clearly demonstrated that attacks on the power grid are a reality, it’s not uncommon for cybersecurity researchers to exaggerate the impact of their findings. It remains to be seen exactly how easily this flaw can be exploited after more information is made available.

*Correction: The initial version of this article had an error in the CVE ID; it has been corrected to CVE-2017-7905.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.