ICSA-17-117-01B · Published 2017-07-25
GE Multilin SR, UR, and URplus Protective Relays (Update B)
CVSS 8.1 (HIGH)
Risk Summary
ATTENTION: Remotely exploitable/low skill level to exploit.
CVEs (1)
Remediations
- GE's download link for 760 Feeder Protection Relay, Version 7.47 is as follows:
- GE's download link for 750 Feeder Protection Relay, Version 7.47 is as follows (login required):
- GE's download link for 745 Transformer Protection Relay, Version 5.23 is as follows (login required):
- GE's download link for 489 Generator Protection Relay, Version 4.06 is as follows (login required):
- GE's download link for 469 Motor Protection Relay, Version 5.23 is as follows (login required):
- GE's download link for 369 Motor Protection Relay, Version 3.63 is as follows (login required):
- GE security advisory, UR-2017-00001 Multilin UR/URPlus Family of Protective Relays, is available at the following location, with a valid account:
- GE has identified additional legacy products that have the same vulnerability as the SR protective relays and, in response, has released the following updated firmware versions:
- GE's download link for the MM300 Motor Management Relay, firmware Version 1.71 is as follows (login required):
- GE's release notification is as follows:
- GE's download link for the MM200 Motor Management System, firmware Version 1.25 is as follows (login required):
- MX350 Relay, firmware versions prior to Version 1.27,
- For more information about the availability of this firmware version, contact GE's support:
- RPTCS, firmware versions prior to Version 1.29,
- GE's download link for the 350 Feeder Protection Relay, firmware Version 2.30 is as follows (login required):
- GE's download link for the 345 Transformer Protection Relay, firmware Version 2.30, is as follows (login required):
- GE's download link for the 339 Motor Protection Relay, firmware Version 2.30, is as follows (login required):
- GE's download link for the T1000 Switch, firmware Version 03A02 is as follows (login required):
- GE UR firmware versions 7.xx are not affected. GE has released updates that remove the ability to obtain the password cipher text in the following firmware versions:
  - Universal Relay: firmware Version 5.83
  - Universal Relay: firmware Version 5.92
  - Universal Relay: firmware Version 6.02 to 6.05
- The Universal Relay firmware is available at the following location:
- GE reports that the URplus platform will have firmware updates released in July 2017 for the following product versions:
  - URplus: firmware Version 1.86
  - URplus: firmware Version 1.92
  - B95Plus: firmware Version 1.03
- GE recommends that users apply updated firmware versions to affected products, as well as implement the following physical security and network security defensive measures:
  - Control access to affected products by keeping devices in a locked and secure environment,
  - Remove passwords when decommissioning devices,
  - Monitor and block malicious network activity, and
  - Implement appropriate network segmentation and place affected devices within the control system network, behind properly configured firewalls. Protection and Control system devices should not be directly connected to the Internet or business networks.
- GE security advisory, SR-2017-00001 Multilin SR Family of Protective Relays, is available at the following location, with a valid account:
Affected Vendors
General Electric (GE)
Affected Products (28)
- General Electric (GE) · URplus (D90 C90 B95): vers:all/*
- General Electric (GE) · MX350 Relay firmware: < 1.27
- General Electric (GE) · 489 Generator Protection Relay firmware: < 4.06
- General Electric (GE) · 369 Motor Protection Relay: 3.63
- General Electric (GE) · 469 Motor Protection Relay firmware: < 5.23
- General Electric (GE) · URplus firmware: 1.86
- General Electric (GE) · 369 Motor Protection Relay firmware: < 3.63
- General Electric (GE) · T1000 Switch firmware: < 03A02
- General Electric (GE) · MM200 Motor Management System firmware: < 1.25
- General Electric (GE) · 489 Generator Protection Relay: 4.06
- General Electric (GE) · 750 Feeder Protection Relay: 7.47
- General Electric (GE) · Universal Relay firmware: >= 6.02 | <= 6.05
- General Electric (GE) · RPTCS firmware: < 1.29
- General Electric (GE) · Universal Relay firmware: 6.02 (excluding Version 5.83 Version 5.92 and all subsequent minor releases)
- General Electric (GE) · Universal Relay firmware: 5.83
- General Electric (GE) · 760 Feeder Protection Relay firmware: < 7.47
- General Electric (GE) · 760 Feeder Protection Relay: 7.47
- General Electric (GE) · B95Plus firmware: 1.03
- General Electric (GE) · 339 Motor Protection Relay firmware: < 2.30
- General Electric (GE) · 350 Feeder Protection Relay firmware: < 2.30
- General Electric (GE) · 345 Transformer Protection Relay firmware: < 2.30
- General Electric (GE) · 469 Motor Protection Relay: 5.23
- General Electric (GE) · MM300 Motor Management Relay firmware: < 1.71
- General Electric (GE) · Universal Relay firmware: 5.92
- General Electric (GE) · 750 Feeder Protection Relay firmware: < 7.47
- General Electric (GE) · 745 Transformer Protection Relay firmware: < 5.23
- General Electric (GE) · 745 Transformer Protection Relay: 5.23
- General Electric (GE) · URplus firmware: 1.92
Affected Sectors
Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems