CVE-2017-7905 : What You Need to Know
Discover the Weak Cryptography vulnerability in GE Multilin protective relays, exposing user passwords to dictionary attacks. Learn about the impact, affected systems, and mitigation steps.
A Weak Cryptography for Passwords vulnerability has been identified in General Electric (GE) Multilin protective relays, potentially exposing user passwords to dictionary attacks.
Understanding CVE-2017-7905
This CVE involves a weakness in password encryption in various GE Multilin protective relays, making user passwords vulnerable to decryption.
What is CVE-2017-7905?
The vulnerability stems from the use of non-random initialization vectors in generating ciphertext versions of user passwords, allowing attackers to potentially decipher passwords through dictionary attacks.
The Impact of CVE-2017-7905
The vulnerability could lead to unauthorized access to sensitive systems and data protected by the affected GE Multilin protective relays.
Technical Details of CVE-2017-7905
This section delves into the specific technical aspects of the CVE.
Vulnerability Description
The vulnerability arises from the improper encryption of user passwords in various GE Multilin protective relays, leaving them susceptible to decryption.
Affected Systems and Versions
- GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47
- SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47
- SR 469 Motor Protection Relay, firmware versions prior to Version 5.23
- SR 489 Generator Protection Relay, firmware versions prior to Version 4.06
- SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23
- SR 369 Motor Protection Relay, all firmware versions
- Multilin Universal Relay, firmware Version 6.0 and prior versions
- Multilin URplus (D90, C90, B95), all versions
Exploitation Mechanism
Attackers can potentially acquire ciphertext versions of user passwords from the front LCD panel of the affected products or through transmitted Modbus commands.
Mitigation and Prevention
Protective measures to address and prevent exploitation of the vulnerability.
Immediate Steps to Take
- Update affected devices to the latest firmware versions that address the encryption vulnerability.
- Implement strong, randomized initialization vectors for password encryption.
Long-Term Security Practices
- Regularly monitor and audit password security practices within the organization.
- Conduct security training for personnel on password management best practices.
Patching and Updates
- Apply patches and updates provided by General Electric to fix the weak cryptography issue in the affected protective relays.