GE MU320E

Act Now9.8ICS-CERT ICSA-21-082-02Mar 23, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

GE MU320E contains hard-coded credentials and privilege escalation vulnerabilities (CWE-259, CWE-250, CWE-326) that allow an attacker with network access to take administrative control of the device without authentication. Affected versions are all firmware versions prior to 04A00.1. Successful exploitation could allow an attacker to escalate privileges and use the hard-coded credentials to take control of the device and alter its operation.

What this means

What could happen

An attacker with network access to the MU320E could use hard-coded credentials and privilege escalation flaws to gain full control of the device, potentially altering power system operations or disabling protective relaying functions.

Who's at risk

Electric utilities and power system operators who rely on GE MU320E protection and control devices for generator or transformer monitoring. Affects relay protection, automation, and metering functions in energy generation and distribution.

How it could be exploited

An attacker on the network containing the MU320E discovers the device and connects to its management port. The attacker then uses the hard-coded credentials to authenticate and exploit the privilege escalation vulnerability to gain administrative control of the device, allowing them to reconfigure settings or inject malicious logic.

Prerequisites

Network access to MU320E management port (typically port 502 or web interface)
No authentication required—hard-coded credentials are embedded in the firmware

remotely exploitableno authentication requiredlow complexityhard-coded credentialsaffects critical infrastructurehigh CVSS score (9.8)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

MU320E All firmware:< 04A00.104A00.1 or higher

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGPlace MU320E devices behind firewall and isolate from business network

HARDENINGImplement network access controls to restrict access to MU320E management ports to authorized personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade MU320E firmware to version 04A00.1 or higher

Long-term hardening

0/2

HARDENINGDeploy intrusion detection monitoring on the control system network segment containing MU320E

HARDENINGUse VPN with latest security patches if remote access to MU320E is required

CVEs (3)

CVE-2021-27452 CVE-2021-27448 CVE-2021-27450

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ef61c53b-0828-4050-9db2-686f4bd9858b