ICSA-21-075-02 · Published 2021-03-16
GE UR Family (Update A)
CVSS 9.8 CRITICAL
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.
CVEs (10)
Remediations
- GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10 or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 at https://www.gegridsolutions.com/Passport/Login.aspx (login required).
- GE recommends protecting UR IED by using network defense-in-depth practices. This includes, but is not limited to, placing UR IED inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place.
- GE recommends users refer to the UR Deployment guide for secure configuration of UR IED and system.
Affected Vendors
GE Vernova
Affected Products (19)
- GE Vernova UR B30: <8.10
- GE Vernova UR B90: <8.10
- GE Vernova UR C30: <8.10
- GE Vernova UR C60: <8.10
- GE Vernova UR C70: <8.10
- GE Vernova UR C95: <8.10
- GE Vernova UR D30: <8.10
- GE Vernova UR D60: <8.10
- GE Vernova UR F35: <8.10
- GE Vernova UR F60: <8.10
- GE Vernova UR G30: <8.10
- GE Vernova UR G60: <8.10
- GE Vernova UR L30: <8.10
- GE Vernova UR L60: <8.10
- GE Vernova UR L90: <8.10
- GE Vernova UR M60: <8.10
- GE Vernova UR N60: <8.10
- GE Vernova UR T35: <8.10
- GE Vernova UR T60: <8.10
Affected Sectors
Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems