PT-2020-12985 · Ge Grid Solutions · Rt430+3

Ehab Hussein · Published 2020-06-02 · Updated 2020-06-08 · CVE-2020-12017

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GE Grid Solutions Reason RT Clocks versions prior to 08A05
GE Grid Solutions RT430 versions prior to 08A05
GE Grid Solutions RT431 versions prior to 08A05
GE Grid Solutions RT434 versions prior to 08A05

Description

The device's web application contains a vulnerability that could allow multiple unauthenticated attacks, potentially causing serious impact. An unauthenticated attacker may execute arbitrary commands, send a request to a specific URL to make the device unresponsive, change the password of the configuration user account to modify the device's configuration via the web interface, and bypass authentication required to configure the device and reboot the system.

Recommendations

For GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434 versions prior to 08A05, update the firmware to version 08A05 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the web interface for configuration changes until the issue is resolved.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-12017

Affected Products

Rt430
Rt431
Rt434
Reason Rt Clocks