QID 591350

Date Published: 2023-02-17

QID 591350: General Electric D20MX Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (PRSN-0006)

AFFECTED PRODUCTS
D20MX's with firmware versions v1.00, v1.10, v1.20, v1.21, v1.30, v1.31, v1.32, v1.33, v1.40, v1.50, v1.51, v1.60, v1.61 and v1.62.

QID Detection Logic:
This QID checks for the Vulnerable version of General Electric D20MX using passive scanning

The D20MX Substation Gateway is a specialized computing platform which executes communications and energy management applications for monitoring and control of electrical substations. The D20MX is capable of consolidating data from multiple slave devices connected through communication channels (DCA: Data Collection Applications) and D20 Input / Output Modules in a single database. The D20MX can execute local logic, aggregate data, process data through one of multiple applications (DTA: Data Translation Applications) and report data upstream to master stations through different server protocols (DPA: Data Processing Applications).

  • CVSS V3 rated as High - 7.4 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
    • Solution

    Customers are advised to refer to CERT MITIGATIONS section PRSN-0006 for affected packages and patching details.

    Vendor References

    CVEs related to QID 591350

    CVE-2017-3735 | CVE-2014-3566 | CVE-2014-3508 | CVE-2014-3470 | CVE-2014-0224 | CVE-2014-0076 | CVE-2013-0169 | CVE-2012-2333 | CVE-2012-2110 | CVE-2011-4576 | CVE-2011-4109 |
    Software Advisories
    Advisory ID Software Component Link
    PRSN-0006 URL Logo www.gegridsolutions.com/app/DownloadFile.aspx?prod=d20mx&type=21&file=195
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].