"CISA Warns of Security Flaws in GE Power Management Devices"

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of critical-severity security flaws in GE’s Universal Relay (UR) family of power management devices. GE’s UR devices are computing devices that allow users to control the amount of electrical power consumed by various devices. GE has issued patches for the following affected UR device families: B30, B90, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35, and T60. CISA warned that if not updated, the affected products could be exploited to allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition. GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10 or greater to resolve these vulnerabilities. Overall, nine vulnerabilities were patched across the affected devices. The most serious of these (CVE-2021-27426) has a CVSS score of 9.8 out of 10, making it critical. The flaw stems from insecure default variable initialization.

Threatpost reports: "CISA Warns of Security Flaws in GE Power Management Devices"
