GE Multilin SR, UR, and URplus Protective Relays (Update B)
Plan Patch | 8.1 | ICS-CERT ICSA-17-117-01B | Apr 27, 2017
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
GE Multilin protective relays (SR, UR, URplus, and related models) contain a cryptographic weakness (CWE-261) that allows remote access bypass. Affected firmware versions across multiple relay product lines (750, 760, 745, 339, 350, 345, 469, 489, 369, MX350, T1000, MM200, MM300, RPTCS, B95Plus, and Universal Relay) are vulnerable to unauthorized remote access. The vulnerability allows an attacker to gain control without proper authentication.
What this means
What could happen
An attacker with network access to the relay could bypass authentication and remotely execute commands to alter protection settings, trip generators or feeder circuits, or disable protective functions, leading to loss of generation, uncontrolled fault conditions, or service interruption.
Who's at risk
Power generation and distribution operators, particularly those using GE Multilin protective relay product lines for generator protection (489, 469), transformer protection (345, 745), feeder protection (350, 750, 760), motor protection (339, 369, 469), and control/monitoring systems (UR, URplus, MX350, MM200, MM300, RPTCS, T1000, Universal Relay, B95Plus). Affects critical protection functions in electric utilities and large industrial facilities with backup generation.
How it could be exploited
An attacker on the network sends a specially crafted request to the relay's network interface. The weak cryptographic implementation allows the attacker to forge authentication credentials or bypass access controls, gaining command execution on the relay without valid credentials. The attacker can then reconfigure protection relay logic or issue trip commands.
Prerequisites
- Network access to the relay (typically port 502 for Modbus or telnet/SSH ports)
- No valid credentials required
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available
- Affects protective relays—critical safety function
- Multiple product lines affected
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (25)
25 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| URplus firmware | 1.86 | No fix (EOL) |
| MX350 Relay firmware | < 1.27 | No fix (EOL) |
| 489 Generator Protection Relay firmware | < 4.06 | No fix (EOL) |
| 489 Generator Protection Relay | 4.06 | No fix (EOL) |
| 369 Motor Protection Relay | 3.63 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement firewall rules to restrict network access to protective relays. Limit access to relay management ports to authorized engineering workstations and control network subnets only. Block all inbound connections from untrusted networks or the Internet.
- HARDENING: Implement network segmentation to isolate protective relays and control systems on a dedicated VLAN with restricted access. Use switches with VLAN capabilities to prevent lateral movement from other network segments.
- WORKAROUND: If relay management interfaces are not actively used, disable remote access protocols (telnet, SSH, HTTP) on affected relays. Document which protocols are essential for your control scheme.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor relay network traffic for unauthorized access attempts and suspicious commands using IDS/IPS rules or flow analysis on control network traffic.
- HOTFIX: Work with GE Vernova to obtain vendor firmware updates as they become available. Until patches are released, maintain an inventory of all affected relay firmware versions and prioritize replacement or upgrades of oldest versions.
Long-term hardening
- HOTFIX: Develop a relay patching strategy with GE Vernova that minimizes impact to generation and protection during firmware updates. Plan maintenance windows and test updates in a lab environment before deployment.
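
The firewall and flow-monitoring items above can be checked against exported flow records. The following is an added example, not part of the advisory or any GE tooling: it flags connections to relay management ports from sources outside an allow-list. All addresses and the flow CSV layout are constructed assumptions; the ports are the standard ones for the protocols the advisory names.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# All addresses below are constructed sample values (assumptions), not from the advisory.
SITE_NET = ip_network("10.0.0.0/8")              # plant-internal address space
RELAY_NET = ip_network("10.20.30.0/24")          # dedicated relay VLAN
ALLOWED_SOURCES = [ip_network("10.20.10.5/32"),  # engineering workstation
                   ip_network("10.20.20.0/28")]  # control network subnet
# Protocols the advisory names: Modbus (502), telnet, SSH, HTTP.
MGMT_PORTS = {502: "modbus", 23: "telnet", 22: "ssh", 80: "http"}

# Constructed flow export: src,dst,dport,packets
SAMPLE_FLOWS = """\
src,dst,dport,packets
10.20.10.5,10.20.30.11,502,120
10.20.20.3,10.20.30.12,22,40
10.50.1.77,10.20.30.11,502,6
203.0.113.9,10.20.30.14,23,3
10.50.1.77,10.20.30.11,443,9
10.20.10.5,10.99.0.1,502,12
"""

def find_violations(flow_csv):
    """Return flows reaching relay management ports from unapproved sources."""
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        port = int(row["dport"])
        if dst not in RELAY_NET or port not in MGMT_PORTS:
            continue  # not relay management traffic
        if any(src in net for net in ALLOWED_SOURCES):
            continue  # approved workstation or control subnet
        # A source outside the site range means the perimeter block failed.
        severity = "high" if src in SITE_NET else "critical"
        hits.append((str(src), str(dst), MGMT_PORTS[port], severity))
    return hits

if __name__ == "__main__":
    for src, dst, proto, sev in find_violations(SAMPLE_FLOWS):
        print(f"[{sev}] {src} -> {dst} ({proto})")
```

Any hit indicates either a gap in the firewall or segmentation rules or an allow-list that needs updating; both warrant review before the flow is treated as benign.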
CVEs (1)