The US Cybersecurity and Infrastructure Security Agency has warned of critical severity flaws that lie within General Electric’s Universal Relay power management devices. The flaws could allow for denial-of-service attacks, allow an attacker to access unauthorized sensitive information, reboot the Universal Relay, and gain privileged access. The CISA stated that the affected products should be updated immediately to mitigate any risks of exploitation.
The computing devices allow for switches between various power modes, according to the advisory. Each of the distinct device families has its own power usage characteristics. GE has issued patches for over a dozen different affected UR device families, urging customers to update their devices as soon as possible. The impacts of these flaws could be heightened due to the fact that the products control the flow and direction of electrical power.