cbcvebase.
CVE-2020-12017
published 2020-06-02

CVE-2020-12017: GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could…

PriorityP271critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.33%
81.4th percentile
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system.

Affected

3 ranges
VendorProductVersion rangeFixed in
gert430_firmware< 08a0508a05
gert431_firmware< 08a0508a05
gert434_firmware< 08a0508a05

Detection & IOCsextracted from sources · hover to see the quote

  • Block TCP/IP port 80 (HTTP) to prevent unauthenticated access to the RT clock web interface, which is the attack surface for CVE-2020-12017.
  • Block TCP/IP port 443 (HTTPS) to prevent unauthenticated access to the RT clock web interface, which is the attack surface for CVE-2020-12017.
  • Monitor for unauthenticated requests to specific URLs on GE RT430/RT431/RT434 web interfaces that may trigger device unresponsiveness or password changes for the 'configuration' user account.
  • Alert on unexpected HTTP/HTTPS traffic originating from adjacent network segments targeting GE Reason RT clock devices (CVSS attack vector is adjacent network, AV:A).
  • Analyze security events to allow early detection of unexpected traffic/communication targeting GE Reason RT clock devices on the local network.
  • ·The vulnerability affects GE RT430, RT431, and RT434 running firmware versions prior to 08A05 only; devices updated to 08A05 or greater are not affected.
  • ·No known public exploits specifically target this vulnerability at the time of advisory publication, reducing immediate exploitation risk but not eliminating it.
  • ·The attack vector is adjacent network (AV:A), meaning exploitation requires the attacker to be on the same local network segment as the affected device — remote internet-based exploitation is not directly possible without prior network access.
  • ·Port blocking of TCP 80/443 should be scoped to the specific Ethernet interface where the RT clock is connected (e.g., via ACL) to avoid disrupting other HTTP/HTTPS applications on the network.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:N/C:P/I:P/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.