CVE-2021-31477

7.3 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on GE Reason RPV311 14A03 devices without authentication. The firmware contains hard-coded default credentials that can be leveraged to gain code execution as the download user. All installations using affected firmware versions are vulnerable.

💻 Affected Systems

Products:
  • GE Reason RPV311 14A03
Versions: All versions prior to firmware update addressing CVE-2021-31477
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the firmware and filesystem with hard-coded credentials that cannot be changed by users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the device allowing attackers to execute arbitrary code, potentially disrupting industrial operations, modifying device behavior, or using the device as an entry point into industrial control networks.

🟠 Likely Case

Unauthorized access to the device leading to configuration changes, data exfiltration, or use as a pivot point within industrial networks.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and access controls, though the vulnerability remains present.

🌐 Internet-Facing: HIGH - No authentication is required and remote exploitation is possible, which makes internet-facing devices extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, the lack of an authentication requirement leaves these devices exposed to any internal threat actor or compromised system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and leverages known hard-coded credentials, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware update addressing CVE-2021-31477 (specific version not specified in references)

Vendor Advisory: https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf

Restart Required: Yes

Instructions:

1. Download the firmware update from GE Grid Solutions support portal.
2. Follow GE's firmware update procedure for RPV311 devices.
3. Verify the update was successful and credentials are no longer hard-coded.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate RPV311 devices from untrusted networks using firewalls and network segmentation

Access Control Lists

all

Implement strict network access controls to limit which systems can communicate with RPV311 devices

🧯 If You Can't Patch

  • Segment devices on isolated VLANs with strict firewall rules allowing only necessary industrial protocols
  • Implement network monitoring and intrusion detection specifically for traffic to/from RPV311 devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version against GE's security advisory and attempt to authenticate using known hard-coded credentials if permitted by security policy

Check Version:

Check device firmware version through the RPV311 web interface or management console

Verify Fix Applied:

Verify firmware version has been updated to the patched version and test that hard-coded credentials no longer work

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful login
  • Unusual login patterns or source IPs
  • Configuration changes from unexpected sources

Network Indicators:

  • Network traffic to RPV311 devices from unexpected sources
  • Protocol anomalies in industrial communication

SIEM Query:

source_ip IN (RPV311_DEVICES) AND (event_type="authentication" AND result="success") AND user="download"
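
The log indicators and SIEM query above, applied to authentication events as an added example (not part of the advisory or any GE tooling). The log line format, device inventory, management-host allowlist and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the advisory): log field names, device inventory,
# management-host allowlist, failure threshold and time window.
RPV311_DEVICES = {"10.0.5.20", "10.0.5.21"}
ALLOWED_SOURCES = {"10.0.9.10"}
FAIL_THRESHOLD, WINDOW = 3, timedelta(minutes=5)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) device=(?P<device>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>success|failure)$"
)

# Constructed sample events, not captured from a real device.
SAMPLE_LOG = """\
2021-06-01T10:00:00 device=10.0.5.20 src=10.0.9.10 user=admin result=success
2021-06-01T10:01:00 device=10.0.5.20 src=10.0.7.44 user=admin result=failure
2021-06-01T10:01:20 device=10.0.5.20 src=10.0.7.44 user=root result=failure
2021-06-01T10:01:40 device=10.0.5.20 src=10.0.7.44 user=admin result=failure
2021-06-01T10:02:00 device=10.0.5.20 src=10.0.7.44 user=download result=success
2021-06-01T10:03:00 device=10.0.8.99 src=10.0.7.44 user=download result=success
not a log line
"""

def detect(log_text):
    """Return (timestamp, device, src, reason) alerts for RPV311 auth events."""
    alerts = []
    failures = defaultdict(deque)  # (device, src) -> recent failure times
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["device"] not in RPV311_DEVICES:
            continue  # skip unparsable lines and devices outside the inventory
        ts = datetime.fromisoformat(m["ts"])
        recent = failures[(m["device"], m["src"])]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()  # expire failures older than the window
        if m["result"] == "failure":
            recent.append(ts)
            continue
        # A successful login: evaluate each indicator from the page.
        reasons = [name for name, hit in (
            ("login-as-download", m["user"] == "download"),
            ("unexpected-source", m["src"] not in ALLOWED_SOURCES),
            ("failures-then-success", len(recent) >= FAIL_THRESHOLD),
        ) if hit]
        recent.clear()
        alerts.extend((m["ts"], m["device"], m["src"], r) for r in reasons)
    return alerts
```

Any successful login as `download` is flagged on its own, since the advisory ties that account to the hard-coded credentials.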
