Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to escalate unnecessary privileges and use hard-coded credentials to take control of the device.
CVEs (3)
Remediations
- GE recommends MU320E users upgrade to firmware v04A00.1 or higher to mitigate these vulnerabilities.
- Instructions on how to upgrade the MU320E firmware and verify its installation are available in the product user's manual.
- See GE publication number: GES-2021-003 for more information.
- GE recommends MU320E devices be protected using network defense-in-depth practices. This includes, but is not limited to, placing MU320E devices inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. Many electric utilities have deployed cyber security solutions in accordance with the NERC-CIP implementation requirements. Please refer to the product secure deployment guide.
Affected Vendors
General Electric (GE)
Affected Products (1)
General Electric (GE)
·
MU320E All firmware
< 04A00.1
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more