Quote:The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of critical-severity security flaws in GE’s Universal Relay (UR) family of power management devices.
GE’s UR devices are the “basis of simplified power management for the protection of critical assets,” according to the company. These are computing devices that allow users to control the amount of electrical power consumed by various device. The UR devices allow the underlying devices to switch into various power modes (each having various power usage characteristics). GE has issued patches for the following affected UR device families: B30, B90, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35 and T60.
CISA warned that if not updated, the affected products could be exploited to allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.
Given that the devices control the flow and direction of electrical power, the impact of these flaws is heightened: “GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities,” according to CISA’s alert last week.
Read more: CISA Warns of Security Flaws in GE Power Management Devices | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
