SIMonline

Service receive & sending SMS

Vulnerability of GE Power Meter

366   |     /   Security

Vulnerability of GE Power Meter
GE Communicator software has several vulnerabilities, including hardcoded credentials and privilege escalation deficiencies, ICS-CERT reported.



Receive SMS online on the SIMonline website to confirm your account

GE Communicator is designed to configure and commission General Electric energy meters. The tool is used by electricity companies, large manufacturers and other types of organizations around the world.

Reid Whiteman, senior vulnerability researcher at Dragos, an industrial cybersecurity company, discovered that GE Communicator was exposed to a total of five vulnerabilities.

Wightman said that flaws could allow an attacker to gain administrator privileges on a workstation running GE Communicator software, but for operation it requires either network access to the workstation (and Windows Firewall settings that allow incoming network connections) or local login to network access system. workstation with normal user rights.

Remote operation from the Internet may also be possible, but unlikely, said Whiteman, because it is workstation software that usually runs on company laptops and laboratory workstations, where services are not provided directly.

One of the vulnerabilities is related to the existence of two backdoor accounts with hard-coded credentials. They can allow an attacker to gain control of the application database, but ICS-CERT says that operation is prevented if the Windows Firewall settings are set to the default.

Another security hole allows a user with non-administrative privileges to put a malicious file in the installation folder, giving him administrator rights during installation or update. Such a flaw allows an attacker with non-administrator privileges to increase privileges by replacing the GE Communicator uninstaller with a malicious file.

According to ICS-CERT, another drawback can be used to control widgets and user interface elements by placing a specially created file in the application’s working directory.

The latter vulnerability relates to a system privilege service that a user with low privileges can use to perform certain administrative actions. An attacker can use this to execute scheduled scripts with administrative privileges. Like the first vulnerability, the exploitation of this vulnerability is prevented if Windows Firewall is enabled with default settings.

Four out of five vulnerabilities were assigned CVSS points, which put them in the “high severity” category. However, Whiteman says he does not consider this problem critical.

“They are typical of engineering software that has not yet undergone a thorough security analysis,” he said. “Most engineering programs in control network systems will have similar problems regardless of vendor.”

GE fixed these vulnerabilities in the release of GE Communicator 4.0.517. Whiteman said it took the company nearly 7 months to fix the flaws.

According to Wightman, organizations can also prevent exploitation by restricting access to TCP ports 1233 (RPC endpoint for the MeterManager scheduler service) and 5433 (database server).

“These services are blocked by default Windows configuration, but engineers may accidentally or intentionally disable the standard Windows firewall,” said Whiteman. “This often happens when troubleshooting communication problems. We recommend that you make sure that these services are limited to both the host firewall and any perimeter firewalls that the utility can run. ”


Similar news


Hundreds of Git Vaults Have Been Hacked

Cybercriminals erase the repositories of GitHub, GitLab and Bitbucket and ask their owners to pay a ransom for data recovery. Vulnerable Git service providers believe that cybercriminals used compromised credentials to access their accounts.

AdBlock Vulnerability Endangers Users

People use ad blockers for a number of reasons. Some block ads because of annoyance or frustration. Others do this to protect their privacy or to keep malicious ads out of the way. Millions did not know that their desire to block content opened the door to cyber attacks.

DoS attack on PLC can disrupt physical processes

The research team has demonstrated an interesting type of denial of service (DoS) attack on programmable logic controllers (PLCs), where network overflows can disrupt the physical process controlled by the device.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2020

All rights reserved