A critical vulnerability affecting some of GE's protection relays poses a serious threat to the power grid, researchers have claimed. The vendor has started releasing patches for the security hole.
A team of researchers from New York University said they have identified a severe flaw in some of GE's Multilin SR protection relays, which are widely deployed across the energy sector. The researchers will detail and demonstrate an exploit at the upcoming Black Hat conference in Las Vegas; ahead of that, they have shared some information about their findings.
“Essentially, we completely broke the homebrew encryption algorithm used by the protection and management devices to generally authenticate the users and then allow the privileged operations,” the researchers wrote in their abstract for the Black Hat conference. “Knowledge of the passcode enables the attacker to completely pwn that device and disconnect all the sectors of the power grid at will, thus locking operators out to just prolong the attack.”
In an advisory published on Thursday, ICS-CERT said the remotely exploitable vulnerability, tracked as CVE-2017-7095, stems from the use of non-random initialization vectors when encrypting passwords, which exposes the passwords to dictionary attacks.
An attacker who obtains the password, either from the front LCD panel or via Modbus commands, can hijack the affected device.
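The advisory's point about non-random initialization vectors, as an added illustration that is not from the article or from GE: a toy IV-based cipher (an assumption standing in for the undisclosed algorithm) encrypts a password once with a constant IV and once with a fresh IV, and an audit check flags the deterministic case that makes stored passwords matchable against a precomputed dictionary.

```python
import hashlib
import hmac
import secrets

IV_LEN = 16

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream from HMAC-SHA256(key, iv || counter); same (key, iv) gives same bytes."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_with_iv(key: bytes, iv: bytes, password: str) -> bytes:
    """Return iv || (password XOR keystream), the shape of any IV-based cipher."""
    pw = password.encode("utf-8")
    return iv + bytes(p ^ k for p, k in zip(pw, keystream(key, iv, len(pw))))

def decrypt(key: bytes, blob: bytes) -> str:
    """Recover the password from iv || ciphertext (XOR is its own inverse)."""
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return bytes(c ^ k for c, k in zip(ct, keystream(key, iv, len(ct)))).decode("utf-8")

def encrypt_fixed_iv(key: bytes, password: str) -> bytes:
    """Weak scheme: a constant, non-random IV (the flaw class in the advisory)."""
    return encrypt_with_iv(key, bytes(IV_LEN), password)

def encrypt_random_iv(key: bytes, password: str) -> bytes:
    """Corrected scheme: a fresh random IV for every encryption."""
    return encrypt_with_iv(key, secrets.token_bytes(IV_LEN), password)

def is_deterministic(encrypt, key: bytes, probe: str = "Probe-Password-1") -> bool:
    """Audit check: encrypting one password twice must not yield identical bytes.
    If it does, every account or device using that password stores the same
    ciphertext, so a table of ciphertexts for common passwords matches by equality."""
    return encrypt(key, probe) == encrypt(key, probe)

def audit_scheme(encrypt, key: bytes) -> str:
    """Summarise the finding the way an assessment report would."""
    if is_deterministic(encrypt, key):
        return "non-random IV: identical passwords give identical ciphertext"
    return "ok: fresh IV per encryption"

if __name__ == "__main__":
    key = secrets.token_bytes(16)  # constructed demo key, not a real device key
    for name, fn in (("fixed IV", encrypt_fixed_iv), ("random IV", encrypt_random_iv)):
        blob = fn(key, "Summer2017")  # constructed sample password
        print(f"{name:9s}: {blob[IV_LEN:].hex():>24s}  -> {audit_scheme(fn, key)}")
```

Run it twice: the fixed-IV ciphertext is identical across runs while the random-IV one changes, which is exactly the property the audit check tests.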
ICS-CERT reported that the flaw affects the 750 and 760 Feeder Protection Systems, 369 and 469 Motor Protection Relays, 745 Transformer Protection Relays, and 489 Generator Protection Relays.
GE has already released firmware updates that address the vulnerability for most of these devices, except for the 369 Motor Protection Relays, for which patches are expected to become available in June.