CVE-2018-5473

Vulnerability

A stack-based buffer overflow vulnerability exists in the SSH functions of GE D60 Line Distance Relay devices running firmware Version 7.11 and prior [1]. This is an improper restriction of operations within the bounds of a memory buffer. The vulnerability resides in the SSH service and can be triggered without authentication.

Exploitation

An attacker can exploit this vulnerability remotely over the network. No authentication or user interaction is required, and the skill level needed is low [1]. The attacker sends specially crafted input to the SSH service, causing a buffer overflow that overwrites memory.

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on the device [1]. This could lead to full compromise of the relay, potentially disrupting power system operations and enabling further attacks on the control network.

Mitigation

GE has released a firmware update that addresses the vulnerability. The latest firmware can be obtained from GE's website (authentication required) [1]. Until patching is possible, organizations should minimize network exposure, place the device behind firewalls, and isolate it from the business network. Use VPNs for remote access and apply defense-in-depth strategies as recommended by CISA [1]. No workaround exists other than limiting network access.