Sign-up

ID

VAR-201706-0659


CVE

CVE-2017-7905


TITLE

GE Multilin SR Relay Protector Unauthorized Access Vulnerability

Trust: 0.8

sources: IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c // CNVD: CNVD-2017-05694

DESCRIPTION

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. plural General Electric (GE) The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The GE Multilin SR Relay Protector has an unauthorized access vulnerability that allows an attacker to gain access to a user password from a front panel or Modbus command and gain unauthorized access to GE MultilinSR Series Relay Protector products. GE 750 Feeder Protection Relay and others are relay products of General Electric (GE) of the United States. Security vulnerabilities exist in several GE products due to weak passwords used by programs. An attacker could exploit this vulnerability to gain access to the system

Trust: 3.42

sources: NVD: CVE-2017-7905 // JVNDB: JVNDB-2017-005682 // CNVD: CNVD-2017-05694 // CNVD: CNVD-2017-07261 // BID: 98063 // IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c // IVD: d9b1473e-6988-4096-86db-42efea36309a // VULHUB: VHN-116108

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c // IVD: d9b1473e-6988-4096-86db-42efea36309a // CNVD: CNVD-2017-05694 // CNVD: CNVD-2017-07261

AFFECTED PRODUCTS

vendor:gemodel:multilin urplus b95scope:eqversion: -

Trust: 1.6

vendor:gemodel:multilin sr 369 motor protection relayscope:eqversion: -

Trust: 1.6

vendor:gemodel:multilin urplus d90scope:eqversion: -

Trust: 1.6

vendor:gemodel:multilin urplus c90scope:eqversion: -

Trust: 1.6

vendor:gemodel:multilin sr 760 feeder protection relayscope:lteversion:5.02

Trust: 1.0

vendor:gemodel:multilin sr 745 transformer protection relayscope:lteversion:2.85

Trust: 1.0

vendor:gemodel:multilin sr 750 feeder protection relayscope:lteversion:5.02

Trust: 1.0

vendor:gemodel:multilin sr 489 generator protection relayscope:lteversion:1.53

Trust: 1.0

vendor:gemodel:multilin universal relayscope:lteversion:6.0

Trust: 1.0

vendor:gemodel:multilin sr 469 motor protection relayscope:lteversion:2.90

Trust: 1.0

vendor:general electricmodel:sr 369 motor protection relayscope:eqversion: -

Trust: 0.8

vendor:general electricmodel:sr 469 motor protection relayscope:ltversion:5.23

Trust: 0.8

vendor:general electricmodel:sr 489 generator protection relayscope:ltversion:4.06

Trust: 0.8

vendor:general electricmodel:sr 745 transformer protection relayscope:ltversion:5.23

Trust: 0.8

vendor:general electricmodel:sr 750 feeder protection relayscope:ltversion:7.47

Trust: 0.8

vendor:general electricmodel:sr 760 feeder protection relayscope:ltversion:7.47

Trust: 0.8

vendor:general electricmodel:universal relayscope:lteversion:6.0

Trust: 0.8

vendor:general electricmodel:urplus b95scope:eqversion: -

Trust: 0.8

vendor:general electricmodel:urplus c90scope:eqversion: -

Trust: 0.8

vendor:general electricmodel:urplus d90scope:eqversion: -

Trust: 0.8

vendor:gemodel:feeder protection relayscope:eqversion:750<7.47

Trust: 0.6

vendor:gemodel:feeder protection relayscope:eqversion:760<7.47

Trust: 0.6

vendor:gemodel:motor protection relayscope:eqversion:469<5.23

Trust: 0.6

vendor:gemodel:generator protection relayscope:eqversion:489<4.06

Trust: 0.6

vendor:gemodel:transformer protection relayscope:eqversion:745<5.23

Trust: 0.6

vendor:gemodel:feeder protection relayscope:eqversion:750

Trust: 0.6

vendor:gemodel:feeder protection relayscope:eqversion:760

Trust: 0.6

vendor:gemodel:transformer protection relayscope:eqversion:745

Trust: 0.6

vendor:gemodel:generator protection relayscope:eqversion:489

Trust: 0.6

vendor:gemodel:motor protection relayscope:eqversion:469

Trust: 0.6

vendor:gemodel:motor protection relayscope:eqversion:369

Trust: 0.6

vendor:gemodel:multilin sr 489 generator protection relayscope:eqversion:1.53

Trust: 0.6

vendor:gemodel:multilin sr 750 feeder protection relayscope:eqversion:5.02

Trust: 0.6

vendor:gemodel:multilin sr 745 transformer protection relayscope:eqversion:2.85

Trust: 0.6

vendor:gemodel:multilin sr 469 motor protection relayscope:eqversion:2.90

Trust: 0.6

vendor:gemodel:multilin universal relayscope:eqversion:6.0

Trust: 0.6

vendor:gemodel:multilin sr 760 feeder protection relayscope:eqversion:5.02

Trust: 0.6

vendor:multilin sr 750 feeder protection relaymodel: - scope:eqversion:*

Trust: 0.4

vendor:multilin urplus b95model: - scope:eqversion: -

Trust: 0.4

vendor:multilin sr 760 feeder protection relaymodel: - scope:eqversion:*

Trust: 0.4

vendor:multilin sr 469 motor protection relaymodel: - scope:eqversion:*

Trust: 0.4

vendor:multilin sr 489 generator protection relaymodel: - scope:eqversion:*

Trust: 0.4

vendor:multilin sr 745 transformer protection relaymodel: - scope:eqversion:*

Trust: 0.4

vendor:multilin sr 369 motor protection relaymodel: - scope:eqversion: -

Trust: 0.4

vendor:multilin universal relaymodel: - scope:eqversion:*

Trust: 0.4

vendor:multilin urplus d90model: - scope:eqversion: -

Trust: 0.4

vendor:multilin urplus c90model: - scope:eqversion: -

Trust: 0.4

vendor:gemodel:feeder protection relayscope:eqversion:7600

Trust: 0.3

vendor:gemodel:feeder protection relayscope:eqversion:7500

Trust: 0.3

vendor:gemodel:transformer protection relayscope:eqversion:7450

Trust: 0.3

vendor:gemodel:generator protection relayscope:eqversion:4890

Trust: 0.3

vendor:gemodel:motor protection relayscope:eqversion:4690

Trust: 0.3

vendor:gemodel:motor protection relayscope:eqversion:3690

Trust: 0.3

vendor:gemodel:feeder protection relayscope:neversion:7607.47

Trust: 0.3

vendor:gemodel:feeder protection relayscope:neversion:7507.47

Trust: 0.3

vendor:gemodel:transformer protection relayscope:neversion:7455.23

Trust: 0.3

vendor:gemodel:generator protection relayscope:neversion:4894.06

Trust: 0.3

vendor:gemodel:motor protection relayscope:neversion:4695.23

Trust: 0.3

sources: IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c // IVD: d9b1473e-6988-4096-86db-42efea36309a // CNVD: CNVD-2017-05694 // CNVD: CNVD-2017-07261 // BID: 98063 // JVNDB: JVNDB-2017-005682 // CNNVD: CNNVD-201705-173 // NVD: CVE-2017-7905

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7905
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7905
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-05694
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-07261
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201705-173
value: CRITICAL

Trust: 0.6

IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c
value: CRITICAL

Trust: 0.2

IVD: d9b1473e-6988-4096-86db-42efea36309a
value: CRITICAL

Trust: 0.2

VULHUB: VHN-116108
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7905
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05694
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2017-07261
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: d9b1473e-6988-4096-86db-42efea36309a
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-116108
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7905
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c // IVD: d9b1473e-6988-4096-86db-42efea36309a // CNVD: CNVD-2017-05694 // CNVD: CNVD-2017-07261 // VULHUB: VHN-116108 // JVNDB: JVNDB-2017-005682 // CNNVD: CNNVD-201705-173 // NVD: CVE-2017-7905

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.1

problemtype:CWE-330

Trust: 1.1

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-261

Trust: 1.0

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-116108 // JVNDB: JVNDB-2017-005682 // NVD: CVE-2017-7905

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-173

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201705-173

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005682

PATCH
title:Top Pageurl:http://www.gegridsolutions.com/index.htm
Trust: 0.8
title:GE Multilin SR Relay Protector Unauthorized Access Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/92971
Trust: 0.6
title:Patches for multiple GE product weak password vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/94150
Trust: 0.6
title:Multiple GE Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69825
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05694 // 
            
            
            
            CNVD: CNVD-2017-07261 // 
            
            
            
            JVNDB: JVNDB-2017-005682 // 
            
            
            
            CNNVD: CNNVD-201705-173

EXTERNAL IDS
db:NVDid:CVE-2017-7905
Trust: 4.4
db:BIDid:98063
Trust: 2.6
db:ICS CERTid:ICSA-17-117-01A
Trust: 2.3
db:CNNVDid:CNNVD-201705-173
Trust: 1.1
db:ICS CERTid:ICSA-17-117-01
Trust: 0.9
db:CNVDid:CNVD-2017-05694
Trust: 0.8
db:CNVDid:CNVD-2017-07261
Trust: 0.8
db:ICS CERTid:ICSA-17-117-01B
Trust: 0.8
db:JVNDBid:JVNDB-2017-005682
Trust: 0.8
db:IVDid:5DD457B7-DA91-43E9-BBCF-14025AD4CF1C
Trust: 0.2
db:IVDid:D9B1473E-6988-4096-86DB-42EFEA36309A
Trust: 0.2
db:VULHUBid:VHN-116108
Trust: 0.1
sources:
            
            
            IVD: 5dd457b7-da91-43e9-bbcf-14025ad4cf1c // 
            
            
            
            IVD: d9b1473e-6988-4096-86db-42efea36309a // 
            
            
            
            CNVD: CNVD-2017-05694 // 
            
            
            
            CNVD: CNVD-2017-07261 // 
            
            
            
            VULHUB: VHN-116108 // 
            
            
            
            BID: 98063 // 
            
            
            
            JVNDB: JVNDB-2017-005682 // 
            
            
            
            CNNVD: CNNVD-201705-173 // 
            
            
            
            NVD: CVE-2017-7905

REFERENCES
url:http://www.securityfocus.com/bid/98063
Trust: 2.3
url:https://ics-cert.us-cert.gov/advisories/icsa-17-117-01a
Trust: 2.3
url:https://ics-cert.us-cert.gov/advisories/icsa-17-117-01
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7905
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-17-117-01b
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7905
Trust: 0.8
url:https://www.gegridsolutions.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-05694 // 
            
            
            
            CNVD: CNVD-2017-07261 // 
            
            
            
            VULHUB: VHN-116108 // 
            
            
            
            BID: 98063 // 
            
            
            
            JVNDB: JVNDB-2017-005682 // 
            
            
            
            CNNVD: CNNVD-201705-173 // 
            
            
            
            NVD: CVE-2017-7905

CREDITS
Charalambos Konstantinou,Anastasis Keliris, Marios Sazos, and Dr. Michail (Mihalis) Maniatakos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201705-173

SOURCES
db:IVDid:5dd457b7-da91-43e9-bbcf-14025ad4cf1c
db:IVDid:d9b1473e-6988-4096-86db-42efea36309a
db:CNVDid:CNVD-2017-05694
db:CNVDid:CNVD-2017-07261
db:VULHUBid:VHN-116108
db:BIDid:98063
db:JVNDBid:JVNDB-2017-005682
db:CNNVDid:CNNVD-201705-173
db:NVDid:CVE-2017-7905

LAST UPDATE DATE
2025-04-20T23:42:12.599000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05694date:2017-05-01T00:00:00
db:CNVDid:CNVD-2017-07261date:2017-05-23T00:00:00
db:VULHUBid:VHN-116108date:2019-10-09T00:00:00
db:BIDid:98063date:2017-05-02T00:11:00
db:JVNDBid:JVNDB-2017-005682date:2017-08-03T00:00:00
db:CNNVDid:CNNVD-201705-173date:2019-10-17T00:00:00
db:NVDid:CVE-2017-7905date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:5dd457b7-da91-43e9-bbcf-14025ad4cf1cdate:2017-05-01T00:00:00
db:IVDid:d9b1473e-6988-4096-86db-42efea36309adate:2017-05-23T00:00:00
db:CNVDid:CNVD-2017-05694date:2017-05-01T00:00:00
db:CNVDid:CNVD-2017-07261date:2017-05-23T00:00:00
db:VULHUBid:VHN-116108date:2017-06-30T00:00:00
db:BIDid:98063date:2017-04-27T00:00:00
db:JVNDBid:JVNDB-2017-005682date:2017-08-03T00:00:00
db:CNNVDid:CNNVD-201705-173date:2017-04-27T00:00:00
db:NVDid:CVE-2017-7905date:2017-06-30T03:29:00.890