OTPulse
FeedAboutContact

GE S2020/S2020G Fast Switch 61850

Monitor4.6ICS-CERT ICSA-19-351-01Dec 17, 2019
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

The S2020/S2020G Fast Switch 61850 (versions 07A03 and earlier) contains a code injection vulnerability (CWE-79) that allows an authenticated attacker with network access to inject arbitrary code and read sensitive data. GE released firmware version 07A04 prior to public disclosure, which corrects the vulnerability. The attack requires valid user credentials and user interaction (such as clicking a malicious link).

What this means
What could happen
An attacker with network access and valid credentials could inject malicious code into the S2020/S2020G Fast Switch, potentially altering power distribution control logic or reading sensitive configuration data from the device.
Who's at risk
Electric utilities and power distribution operators managing GE S2020/S2020G Fast Switch relays (IEC 61850 Ethernet communication devices). These switches control power flow routing and protection functions in substations and distribution networks.
How it could be exploited
An attacker must gain network access to the device and provide valid credentials (likely engineering or administrative access to the web interface or management port). Once authenticated, they can inject arbitrary code through an unvalidated input field, which the device executes, or extract sensitive data by reading memory or configuration files.
Prerequisites
  • Network access to the S2020/S2020G management interface or web console
  • Valid user credentials (engineering or administrative level access)
  • User interaction required to click a malicious link or open a crafted file
Remotely exploitable over networkAuthentication required (credentials needed)Requires user interactionLow complexity attackAffects power distribution control equipment
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
ProductAffected VersionsFix Status
S2020/S2020G Fast Switch 61850:≤ 07A0307A04
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDRestrict network access to the S2020/S2020G management ports using firewall rules; ensure the device is not reachable from the Internet or untrusted networks
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade S2020/S2020G Fast Switch firmware to version 07A04 or later
Long-term hardening
0/2
HARDENINGImplement network segmentation to isolate the device on a dedicated control system VLAN separate from business networks
HARDENINGFor remote access, use a VPN connection to the control network and keep VPN software updated to the latest version
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/719a831a-0c6d-46c7-9ee2-da4fdf4afb12
GE S2020/S2020G Fast Switch 61850 | CVSS 4.6 - OTPulse