GE Reason RT43X Clocks

Act Now9.8ICS-CERT ICSA-21-005-03Jan 5, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

GE Reason RT43X clocks contain two vulnerabilities (CWE-94: arbitrary code execution, CWE-321: hardcoded cryptographic keys) affecting firmware versions prior to 08A06. An authenticated remote attacker could execute arbitrary code on the system or intercept and decrypt encrypted traffic. The RT430, RT431, and RT434 models are affected.

What this means

What could happen

An authenticated attacker with network access to a Reason RT43X clock could run arbitrary commands on the device, potentially altering time synchronization across your control network or disrupting dependent systems. They could also decrypt encrypted communications to intercept sensitive control system data.

Who's at risk

Energy and transportation operators who use GE Reason RT43X time synchronization clocks (models RT430, RT431, RT434) for grid timing, SCADA synchronization, or transit signal coordination should treat this as a critical risk. Any facility relying on these clocks for coordinated operations is affected.

How it could be exploited

An attacker with network access to the Reason RT43X clock's HTTP/HTTPS interface (ports 80/443) and valid credentials could upload and execute malicious code, or use the hardcoded encryption key to decrypt sensitive traffic. The attack requires the attacker to reach the clock on your local network—not exploitable directly from the Internet if the device is properly isolated.

Prerequisites

Network access to Reason RT43X clock on ports 80 or 443
Valid authentication credentials for the clock's web interface
Firmware version prior to 08A06

remotely exploitableauthentication requiredno patch available for all modelsaffects time synchronization (critical for grid/transit operations)hardcoded encryption keys

Exploitability

Moderate exploit probability (EPSS 3.6%)

Affected products (1)

ProductAffected VersionsFix Status

RT430 RT431 & RT434: all< 08A0608A06

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDBlock access to TCP ports 80 and 443 on the network segment where the RT43X clock is installed using firewall rules or network ACLs

HARDENINGEnsure the RT43X clock is not reachable from the Internet or business network; isolate it to the control system network only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RT43X firmware to version 08A06 or greater

Long-term hardening

0/2

HARDENINGImplement network monitoring to detect unexpected traffic to the RT43X clock on ports 80/443

HARDENINGUse VPN or secure out-of-band methods if remote management access to the clock is required

CVEs (2)

CVE-2020-25197 CVE-2020-25193

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/69322e45-36ed-4051-898e-95f5d23e984e