GE Communicator is designed to configure and commission General Electric energy meters. The tool is used by electricity companies, large manufacturers and other types of organizations around the world.
Reid Wightman, senior vulnerability researcher at Dragos, an industrial cybersecurity company, discovered that GE Communicator was affected by a total of five vulnerabilities.
Wightman said that the flaws could allow an attacker to gain administrator privileges on a workstation running GE Communicator software, but exploitation requires either network access to the workstation (and Windows Firewall settings that allow incoming network connections) or a local login to the workstation with normal user rights.
Remote exploitation from the Internet may also be possible, but is unlikely, said Wightman, because this is workstation software that usually runs on company laptops and laboratory workstations, where its services are not directly exposed.
One of the vulnerabilities is related to the existence of two backdoor accounts with hard-coded credentials. They can allow an attacker to gain control of the application database, but ICS-CERT says that exploitation is prevented if the Windows Firewall settings are left at their defaults.
Another security hole allows a user with non-administrative privileges to put a malicious file in the installation folder, giving them administrator rights during installation or update. A similar flaw allows an attacker with non-administrator privileges to escalate privileges by replacing the GE Communicator uninstaller with a malicious file.
According to ICS-CERT, another flaw can be used to control widgets and user interface elements by placing a specially crafted file in the application’s working directory.
The last vulnerability relates to a service running with system privileges that a low-privileged user can use to perform certain administrative actions. An attacker can use this to execute scheduled scripts with administrative privileges. Like the first vulnerability, exploitation of this flaw is prevented if Windows Firewall is enabled with default settings.
Four of the five vulnerabilities were assigned CVSS scores that put them in the “high severity” category. However, Wightman says he does not consider these issues critical.
“They are typical of engineering software that has not yet undergone a thorough security analysis,” he said. “Most engineering programs in control network systems will have similar problems regardless of vendor.”
GE fixed these vulnerabilities with the release of GE Communicator 4.0.517. Wightman said it took the company nearly 7 months to fix the flaws.
According to Wightman, organizations can also prevent exploitation by restricting access to TCP ports 1233 (RPC endpoint for the MeterManager scheduler service) and 5433 (database server).
“These services are blocked by default Windows configuration, but engineers may accidentally or intentionally disable the standard Windows firewall,” said Wightman. “This often happens when troubleshooting communication problems. We recommend that you make sure that these services are limited to both the host firewall and any perimeter firewalls that the utility can run.”
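The following PowerShell audit is an added example, not code from GE, Dragos or ICS-CERT. It checks a workstation for the exposure conditions described above for TCP ports 1233 and 5433: a firewall profile that is disabled or allows inbound traffic by default, a listener bound to a non-loopback address, and an inbound allow rule that names either port. The helper name Test-PortMatch and the output property names are illustrative assumptions.

```powershell
# Added example: read-only exposure audit for the two ports named in the article.
# Needs the NetSecurity and NetTCPIP modules (Windows 8 / Server 2012 or later).
$Ports = 1233, 5433   # MeterManager scheduler RPC endpoint, database server

# Hypothetical helper: does a firewall port spec ('5433', '1000-2000') cover a port?
# 'Any' is deliberately not matched, so program-scoped any-port rules are not reported.
function Test-PortMatch([string[]]$Spec, [int[]]$Wanted) {
    foreach ($s in $Spec) {
        if ($s -match '^(\d+)(?:-(\d+))?$') {
            $lo = [int]$Matches[1]
            $hi = if ($Matches[2]) { [int]$Matches[2] } else { $lo }
            if ($Wanted | Where-Object { $_ -ge $lo -and $_ -le $hi }) { return $true }
        }
    }
    return $false
}

# 1. Effective firewall profiles that are off or allow inbound traffic by default.
$weakProfiles = Get-NetFirewallProfile -PolicyStore ActiveStore | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow'
}

# 2. Listeners on the two ports bound to anything other than loopback.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Ports -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 3. Enabled inbound allow rules that name either port explicitly or in a range.
$allowRules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -eq 'TCP' -and (Test-PortMatch $f.LocalPort $Ports)
    }

# Summary object: every non-empty field is a finding to review.
[pscustomobject]@{
    WeakFirewallProfiles = @($weakProfiles | ForEach-Object Name)
    ExposedListeners     = @($listeners)
    AllowRulesForPorts   = @($allowRules | ForEach-Object DisplayName)
}
```

Any entry in the output is worth reviewing on the workstation itself; perimeter firewalls have to be checked separately.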