GE Protection Relays Have Critical Flaw That Exposes Power Grid: Researchers

A critical vulnerability that affects some of GE’s protection relays poses a serious threat to the power grid, researchers have claimed. The vendor has started releasing patches for the security hole.
A team of researchers from New York University said they identified a severe flaw in some of GE’s Multilin SR protection relays, which are widely deployed in the energy sector. The experts will detail and demonstrate an exploit at the upcoming Black Hat conference in Las Vegas, but they have shared some information on their findings.

“Essentially, we completely broke the home brew encryption algorithm used by these protection and management devices to authenticate users and allow privileged operations,” the experts wrote in their abstract for the conference. “Knowledge of the passcode enables an attacker to completely pwn the device and disconnect sectors of the power grid at will, locking operators out to prolong the attack.”
In an advisory published on Thursday, ICS-CERT said the remotely exploitable vulnerability, tracked as CVE-2017-7095, is related to the use of non-random initialization vectors when encrypting passwords, which exposes them to dictionary attacks.
An attacker who can obtain the password — either from the front LCD panel or via Modbus commands — can hijack the affected device.
ICS-CERT reported that the flaw affects the 750 and 760 Feeder Protection Systems, 369 and 469 Motor Protection Relays, 745 Transformer Protection Relays, and 489 Generator Protection Relays.
GE has already released firmware updates that address the vulnerability for most of these devices, except for 369 Motor Protection Relays, for which patches are expected to become available in June.
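
The weakness class ICS-CERT describes, a non-random initialization vector, makes password encryption deterministic, and that is what permits dictionary matching. The sketch below is an added example, not GE's algorithm or the researchers' code: the HMAC-SHA256 counter-mode keystream, the key, the 8-byte IV size and the candidate passwords are all constructed stand-ins.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"   # constructed value, not a real device key
FIXED_IV = bytes(8)             # weak setting: the same IV for every encryption

def _keystream(key, iv, n):
    """HMAC-SHA256 in counter mode, a stand-in for the device cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data, key, iv):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))

def encrypt_weak(password, key=KEY):
    """Fixed IV: equal passwords always produce equal stored values."""
    return FIXED_IV + _xor(password.encode(), key, FIXED_IV)

def encrypt_hardened(password, key=KEY):
    """Fresh random IV per encryption, stored alongside the ciphertext."""
    iv = os.urandom(8)
    return iv + _xor(password.encode(), key, iv)

def decrypt(blob, key=KEY):
    iv, body = blob[:8], blob[8:]
    return _xor(body, key, iv).decode()

def is_deterministic(enc, sample="audit-sample", trials=16):
    """Audit check: True if enc() repeats an output for the same input."""
    return len({enc(sample) for _ in range(trials)}) < trials

def table_match(stored, candidates, enc):
    """Look a stored value up in a table of encrypted candidate passwords.
    Returns the matching candidate, or None when no entry lines up."""
    return {enc(c): c for c in candidates}.get(stored)

if __name__ == "__main__":
    words = ["relay123", "setpoint", "feeder750"]   # constructed candidates
    for name, enc in (("fixed IV", encrypt_weak), ("random IV", encrypt_hardened)):
        print(name, "deterministic:", is_deterministic(enc),
              "table hit:", table_match(enc("setpoint"), words, enc))
```

The `is_deterministic` check can be pointed at any password-encryption routine during review; a `True` result means stored values can be compared against a precomputed table.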
