CVE-2018-5475

Vulnerability

GE D60 Line Distance Relay devices running firmware Version 7.11 and prior contain multiple stack-based buffer overflow vulnerabilities [1]. These flaws reside in the device's handling of network communications, allowing memory corruption when processing specially crafted packets [1].

Exploitation

An attacker can exploit these vulnerabilities remotely without authentication, requiring low skill level [1]. The exact sequence of steps is not detailed in the advisory, but the vulnerability is remotely exploitable over the network, likely by sending malformed packets to the relay [1].

Impact

Successful exploitation could allow remote code execution on the device, potentially leading to full compromise of the relay [1]. This could enable an attacker to disrupt protective relaying functions, cause denial of service, or gain persistent access to the power grid control network [1].

Mitigation

GE has released firmware updates that address the vulnerabilities. The latest firmware can be obtained from the GE Grid Solutions website (authentication required) [1]. CISA recommends minimizing network exposure for all control system devices, locating them behind firewalls, and using secure remote access methods such as VPNs [1]. Organizations should perform impact analysis and risk assessment before deploying defensive measures [1].