Summary
Detail | |||
---|---|---|---|
Vendor | Ge | First view | 2017-06-29 |
Product | Multilin Sr 469 Motor Protection Relay Firmware | Last view | 2017-06-29 |
Version | Type | Os | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:o:ge:multilin_sr_469_motor_protection_relay_firmware:2.90:*:*:*:*:*:*:* | 1 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2017-06-29 | CVE-2017-7905 | A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (1) | CWE-522 | Insufficiently Protected Credentials |
33% (1) | CWE-330 | Use of Insufficiently Random Values |
33% (1) | CWE-326 | Inadequate Encryption Strength |