Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.

Published

2022-03-23T20:15:08.527

Last Modified

2024-11-21T05:57:58.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-434
Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ge	multilin_b30_firmware	< 8.10	Yes
Hardware	ge	multilin_b30	-	No
Operating System	ge	multilin_b90_firmware	< 8.10	Yes
Hardware	ge	multilin_b90	-	No
Operating System	ge	multilin_c60_firmware	< 8.10	Yes
Hardware	ge	multilin_c60	-	No
Operating System	ge	multilin_c70_firmware	< 8.10	Yes
Hardware	ge	multilin_c70	-	No
Operating System	ge	multilin_c95_firmware	< 8.10	Yes
Hardware	ge	multilin_c95	-	No
Operating System	ge	multilin_d30_firmware	< 8.10	Yes
Hardware	ge	multilin_d30	-	No
Operating System	ge	multilin_d60_firmware	< 8.10	Yes
Hardware	ge	multilin_d60	-	No
Operating System	ge	multilin_f35_firmware	< 8.10	Yes
Hardware	ge	multilin_f35	-	No
Operating System	ge	multilin_f60_firmware	< 8.10	Yes
Hardware	ge	multilin_f60	-	No
Operating System	ge	multilin_g30_firmware	< 8.10	Yes
Hardware	ge	multilin_g30	-	No
Operating System	ge	multilin_g60_firmware	< 8.10	Yes
Hardware	ge	multilin_g60	-	No
Operating System	ge	multilin_l30_firmware	< 8.10	Yes
Hardware	ge	multilin_l30	-	No
Operating System	ge	multilin_l60_firmware	< 8.10	Yes
Hardware	ge	multilin_l60	-	No
Operating System	ge	multilin_l90_firmware	< 8.10	Yes
Hardware	ge	multilin_l90	-	No
Operating System	ge	multilin_m60_firmware	< 8.10	Yes
Hardware	ge	multilin_m60	-	No
Operating System	ge	multilin_n60_firmware	< 8.10	Yes
Hardware	ge	multilin_n60	-	No
Operating System	ge	multilin_t35_firmware	< 8.10	Yes
Hardware	ge	multilin_t35	-	No
Operating System	ge	multilin_t60_firmware	< 8.10	Yes
Hardware	ge	multilin_t60	-	No
Operating System	ge	multilin_c30_firmware	< 8.10	Yes
Hardware	ge	multilin_c30	-	No

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 Mitigation, Third Party Advisory, US Government Resource ([email protected])
https://www.gegridsolutions.com/Passport/Login.aspx Permissions Required, Vendor Advisory ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 Mitigation, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.gegridsolutions.com/Passport/Login.aspx Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)