CVE-2020-12017
Published 2020-06-02
Priority: P2 (71) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.33% (81.4th percentile)
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | rt430_firmware | < 08a05 | 08a05 |
| ge | rt431_firmware | < 08a05 | 08a05 |
| ge | rt434_firmware | < 08a05 | 08a05 |
Detection & IOCs (extracted from sources)
- Block TCP/IP port 80 (HTTP) to prevent unauthenticated access to the RT clock web interface, which is the attack surface for CVE-2020-12017.
- Block TCP/IP port 443 (HTTPS) to prevent unauthenticated access to the RT clock web interface, which is the attack surface for CVE-2020-12017.
- Monitor for unauthenticated requests to specific URLs on GE RT430/RT431/RT434 web interfaces that may trigger device unresponsiveness or password changes for the 'configuration' user account.
- Alert on unexpected HTTP/HTTPS traffic originating from adjacent network segments targeting GE Reason RT clock devices (CVSS attack vector is adjacent network, AV:A).
- Analyze security events to allow early detection of unexpected traffic/communication targeting GE Reason RT clock devices on the local network.
- The vulnerability affects GE RT430, RT431, and RT434 running firmware versions prior to 08A05 only; devices updated to 08A05 or greater are not affected.
- No known public exploits specifically target this vulnerability at the time of advisory publication, reducing immediate exploitation risk but not eliminating it.
- The attack vector is adjacent network (AV:A), meaning exploitation requires the attacker to be on the same local network segment as the affected device; remote internet-based exploitation is not directly possible without prior network access.
- Port blocking of TCP 80/443 should be scoped to the specific Ethernet interface where the RT clock is connected (e.g., via ACL) to avoid disrupting other HTTP/HTTPS applications on the network.
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 9.0 CRITICAL, AV:N/AC:L/Au:N/C:P/I:P/A:C
CISA ICS
[CRITICAL] GE Grid Solutions Reason RT Clocks
Source: cisa_ics · 2020-06-02 · CVSS 9.8
ICS Advisory: GE Grid Solutions Reason RT Clocks
Last Revised: June 02, 2020
Alert Code: ICSA-20-154-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.6
- ATTENTION: Low skill level to exploit/exploitable remotely
- Vendor: GE
- Equipment: Grid Solutions Reason RT Clocks
- Vulnerability: Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow access to sensitive information, execution of arbitrary code, and cause the device to become unresponsive.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Grid Solu
GHSA
GHSA-29xh-89xf-762p: GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05
Source: ghsa_unreviewed · 2022-05-24 · CVE-2020-12017 [HIGH]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-06-02