Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.

Published

2022-03-23T20:15:08.310

Last Modified

2024-11-21T05:57:57.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ge	multilin_b30_firmware	< 8.10	Yes
Hardware	ge	multilin_b30	-	No
Operating System	ge	multilin_b90_firmware	< 8.10	Yes
Hardware	ge	multilin_b90	-	No
Operating System	ge	multilin_c60_firmware	< 8.10	Yes
Hardware	ge	multilin_c60	-	No
Operating System	ge	multilin_c70_firmware	< 8.10	Yes
Hardware	ge	multilin_c70	-	No
Operating System	ge	multilin_c95_firmware	< 8.10	Yes
Hardware	ge	multilin_c95	-	No
Operating System	ge	multilin_d30_firmware	< 8.10	Yes
Hardware	ge	multilin_d30	-	No
Operating System	ge	multilin_d60_firmware	< 8.10	Yes
Hardware	ge	multilin_d60	-	No
Operating System	ge	multilin_f35_firmware	< 8.10	Yes
Hardware	ge	multilin_f35	-	No
Operating System	ge	multilin_f60_firmware	< 8.10	Yes
Hardware	ge	multilin_f60	-	No
Operating System	ge	multilin_g30_firmware	< 8.10	Yes
Hardware	ge	multilin_g30	-	No
Operating System	ge	multilin_g60_firmware	< 8.10	Yes
Hardware	ge	multilin_g60	-	No
Operating System	ge	multilin_l30_firmware	< 8.10	Yes
Hardware	ge	multilin_l30	-	No
Operating System	ge	multilin_l60_firmware	< 8.10	Yes
Hardware	ge	multilin_l60	-	No
Operating System	ge	multilin_l90_firmware	< 8.10	Yes
Hardware	ge	multilin_l90	-	No
Operating System	ge	multilin_m60_firmware	< 8.10	Yes
Hardware	ge	multilin_m60	-	No
Operating System	ge	multilin_n60_firmware	< 8.10	Yes
Hardware	ge	multilin_n60	-	No
Operating System	ge	multilin_t35_firmware	< 8.10	Yes
Hardware	ge	multilin_t35	-	No
Operating System	ge	multilin_t60_firmware	< 8.10	Yes
Hardware	ge	multilin_t60	-	No
Operating System	ge	multilin_c30_firmware	< 8.10	Yes
Hardware	ge	multilin_c30	-	No

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 Mitigation, Third Party Advisory, US Government Resource ([email protected])
https://www.gegridsolutions.com/Passport/Login.aspx Permissions Required, Vendor Advisory ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 Mitigation, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.gegridsolutions.com/Passport/Login.aspx Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)