Critical severity9.8NVD Advisory· Published Jun 30, 2017· Updated May 13, 2026

CVE-2017-7905

Description

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.

Affected products

Ge/Multilin Sr 369 Motor Protection Relay Firmware
cpe:2.3:o:ge:multilin_sr_369_motor_protection_relay_firmware:-:*:*:*:*:*:*:*
Ge/Multilin Sr 469 Motor Protection Relay Firmware
cpe:2.3:o:ge:multilin_sr_469_motor_protection_relay_firmware:*:*:*:*:*:*:*:*
Range: <=2.90
Ge/Multilin Sr 489 Generator Protection Relay Firmware
cpe:2.3:o:ge:multilin_sr_489_generator_protection_relay_firmware:*:*:*:*:*:*:*:*
Range: <=1.53
Ge/Multilin Sr 745 Transformer Protection Relay Firmware
cpe:2.3:o:ge:multilin_sr_745_transformer_protection_relay_firmware:*:*:*:*:*:*:*:*
Range: <=2.85
Ge/Multilin Sr 750 Feeder Protection Relay Firmware
cpe:2.3:o:ge:multilin_sr_750_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*
Range: <=5.02
Ge/Multilin Sr 760 Feeder Protection Relay Firmware
cpe:2.3:o:ge:multilin_sr_760_feeder_protection_relay_firmware:*:*:*:*:*:*:*:*
Range: <=5.02
Ge/Multilin Universal Relay Firmware
cpe:2.3:o:ge:multilin_universal_relay_firmware:*:*:*:*:*:*:*:*
Range: <=6.0
Ge/Multilin Urplus B95 Firmware
cpe:2.3:o:ge:multilin_urplus_b95_firmware:-:*:*:*:*:*:*:*
Ge/Multilin Urplus C90 Firmware
cpe:2.3:o:ge:multilin_urplus_c90_firmware:-:*:*:*:*:*:*:*
Ge/Multilin Urplus D90 Firmware
cpe:2.3:o:ge:multilin_urplus_d90_firmware:-:*:*:*:*:*:*:*
N/a/Ge Multilin Sr, Ur, And Urplus Protective Relaysv5
Range: GE Multilin SR, UR, and URplus Protective Relays

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ics-cert.us-cert.gov/advisories/ICSA-17-117-01AnvdPatchThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/98063nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000