ICSA-18-137-01
·
Published 2018-05-17
·
View on CISA ICS-CERT ↗
GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi
CVSS 7.5
HIGH
Risk Summary
Successful exploitation of this vulnerability could cause the device to reboot and change its state, causing the device to become unavailable.
CVEs (1)
Remediations
- IC695CPE305 - https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE305-PACSystems-RX3i-CPU-DN - Upgrade Kit: CPE305_FW9_40_41G1733-MS10-000-A17.zip
- IC695CPE310 - https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE310-PACSystems-RX3i-CPU-DN - Upgrade Kit: CPE310_FW9_40_41G1734-MS10-000-A17.zip
- IC695CPE330 - https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE330-PACSystems-RX3i-CPU-DN - Upgrade Kit: CPE330_FW9_40_41G2016-FW01-000-A11.zip
- IC695CPE400 - https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE400-PACSystems-RX3i-Rackless-CPU-with-Field-Agent - Upgrade Kit: CPE400_FW9_40_41G2376-FW01-000-A3.zip
- For CPE100 the newest firmware can be obtained
- GE reports that CPU/CRU320 is end of life, and there is a direct upgrade path available to users.
Affected Vendors
General Electric (GE)
Affected Products (5)
General Electric (GE)
·
PACSystems CPU320/CRU320 and RXi
vers:all/*
General Electric (GE)
·
RX3i CPE 400
<= 9.30
General Electric (GE)
·
PACSystems RX3i CPE305/310
<= 9.20
General Electric (GE)
·
PACSystems RSTi-EP CPE 100
vers:all/*
General Electric (GE)
·
RX3i CPE330
<= 9.21
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more