CISA has published an advisory on a missing authentication for critical function vulnerability in GE Grid Solutions Reason RT Clocks. For RT430, RT431, and RT434, all firmware versions prior to 08A05 are affected. Successful exploitation of this vulnerability could allow access to sensitive information, execution of arbitrary code, and cause the device to become unresponsive. GE strongly recommends users of time synchronization products update their units to firmware Version 08A05 or greater to resolve these issues. It also recommends a series of mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!