CVE-2020-25197

moderate-risk
Published 2022-03-18

A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.

Do I need to act?

~
3.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Rt430 Firmware
Rt431 Firmware
Rt434 Firmware

Affected Vendors

Ge

References (4)

Mitigation https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03
Permissions Required https://www.gegridsolutions.com/app/DownloadFile.aspx?prod=RT430&type=21&file=5
Mitigation https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03
Permissions Required https://www.gegridsolutions.com/app/DownloadFile.aspx?prod=RT430&type=21&file=5
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 9/34 · Low