CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25193 – GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2020-25193
18 Mar 2022 — By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. Al tener acceso a la clave criptográfica embebida para los relojes GNSS GE Reason RT430, RT431 y RT434 en versiones de firmware anteriores a 08A06, los atacantes podrían interceptar y descifrar el tráfico cifrado mediante una conexión HTTPS • https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 5%CPEs: 6EXPL: 0CVE-2020-25197 – GE Reason RT43X Clocks Code Injection
https://notcve.org/view.php?id=CVE-2020-25197
18 Mar 2022 — A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. Se presenta una vulnerabilidad de inyección de código en una de las páginas web de los relojes GNSS GE Reason RT430, RT431 y RT434 en versiones de firmware anteriores a 08A06, que podría permitir a un atacante remoto autenticado ejecutar código arbitrario en el sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-12017
https://notcve.org/view.php?id=CVE-2020-12017
02 Jun 2020 — GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacke... • https://www.us-cert.gov/ics/advisories/icsa-20-154-05 • CWE-306: Missing Authentication for Critical Function •