Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to take full control of the digital fault recorder (DFR), remotely execute code, or escalate privileges.
CVEs (3)
Remediations
- GE recommends DR60 users upgrade to firmware v02A04.1 or higher to correct these vulnerabilities.
- Instructions on how to upgrade the DR60 firmware and verify its installation are available in the product user's manual.
- See GE publication number GES-2021-002 for more information.
- GE recommends DR60 devices be protected using network defense-in-depth practices. This includes, but is not limited to, placing DR60 devices inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. Many electric utilities have deployed cyber security solutions in accordance with the NERC-CIP implementation requirements. Please refer to the product secure deployment guide.
Affected Vendors
General Electric (GE)
Affected Products (1)
General Electric (GE) · DR60 < 02A04.1
Affected Sectors
Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems