GE Grid Solutions Reason RT Clocks
Plan Patch9.6ICS-CERT ICSA-20-154-05Jun 2, 2020
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
GE Reason RT430, RT431, and RT434 precision time synchronization clocks contain a vulnerability that allows unauthenticated network access to the HTTP/HTTPS web interface. Exploitation could enable arbitrary code execution, information disclosure, and device unavailability. Affected firmware versions are prior to 08A05. The vulnerability resides in authentication and input validation mechanisms (CWE-306).
What this means
What could happen
An attacker on the local network could run arbitrary code on the RT clock, potentially disrupting time synchronization critical to grid operations, or access sensitive information from the device.
Who's at risk
Energy sector operators who rely on GE Reason RT430, RT431, and RT434 precision clocks for time synchronization in grid operations, especially those with devices running firmware versions prior to 08A05.
How it could be exploited
An attacker with network access to the RT clock could exploit the vulnerability through the HTTP/HTTPS web interface (ports 80 or 443) to inject and execute arbitrary code on the device without requiring authentication.
Prerequisites
- Network access to the local Ethernet network where the RT clock is installed
- Access to TCP/IP ports 80 or 443 on the affected device
- No authentication credentials required
Remotely exploitable from local networkNo authentication requiredLow complexity attackCritical CVSS score (9.6)No patch available for some deploymentsAffects grid time synchronization infrastructure
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
ProductAffected VersionsFix Status
RT430 RT431 and RT434: all< 08A0508A05 or greater
Remediation & Mitigation
0/5
Do now
0/1WORKAROUNDBlock TCP/IP ports 80 and 443 to the RT clock using Access Control Lists (ACL) on the Ethernet port interface
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate firmware to version 08A05 or greater
Long-term hardening
0/3HARDENINGImplement network segmentation to isolate time synchronization devices from direct network access
HARDENINGRestrict physical and network access to the local network where Reason clocks are installed
HARDENINGEnable security event logging and monitoring to detect unexpected traffic to the RT clock devices
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/9cb86cf4-1c2c-4d92-b0fa-e1f4491f718b