// For flags

CVE-2020-25193

GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.

Al tener acceso a la clave criptográfica embebida para los relojes GNSS GE Reason RT430, RT431 y RT434 en versiones de firmware anteriores a 08A06, los atacantes podrían interceptar y descifrar el tráfico cifrado mediante una conexión HTTPS

*Credits: Tom Westenberg of Thales UK reported these vulnerabilities to GE.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-09-04 CVE Reserved
  • 2022-03-18 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
URL Tag Source
https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03 Mitigation
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ge
Search vendor "Ge"
 Rt430 Firmware
Search vendor "Ge" for product "Rt430 Firmware"
 < 08a06
Search vendor "Ge" for product "Rt430 Firmware" and version " < 08a06"
-
Affected
in Ge
Search vendor "Ge"
 Rt430
Search vendor "Ge" for product "Rt430"
--
Safe
Ge
Search vendor "Ge"
 Rt431 Firmware
Search vendor "Ge" for product "Rt431 Firmware"
 < 08a06
Search vendor "Ge" for product "Rt431 Firmware" and version " < 08a06"
-
Affected
in Ge
Search vendor "Ge"
 Rt431
Search vendor "Ge" for product "Rt431"
--
Safe
Ge
Search vendor "Ge"
 Rt434 Firmware
Search vendor "Ge" for product "Rt434 Firmware"
 < 08a06
Search vendor "Ge" for product "Rt434 Firmware" and version " < 08a06"
-
Affected
in Ge
Search vendor "Ge"
 Rt434
Search vendor "Ge" for product "Rt434"
--
Safe