5.3

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.

Data is provided by the National Vulnerability Database (NVD)
GeMultilin B30 Firmware Version < 8.10
   GeMultilin B30 Version-
GeMultilin B90 Firmware Version < 8.10
   GeMultilin B90 Version-
GeMultilin C60 Firmware Version < 8.10
   GeMultilin C60 Version-
GeMultilin C70 Firmware Version < 8.10
   GeMultilin C70 Version-
GeMultilin C95 Firmware Version < 8.10
   GeMultilin C95 Version-
GeMultilin D30 Firmware Version < 8.10
   GeMultilin D30 Version-
GeMultilin D60 Firmware Version < 8.10
   GeMultilin D60 Version-
GeMultilin F35 Firmware Version < 8.10
   GeMultilin F35 Version-
GeMultilin F60 Firmware Version < 8.10
   GeMultilin F60 Version-
GeMultilin G30 Firmware Version < 8.10
   GeMultilin G30 Version-
GeMultilin G60 Firmware Version < 8.10
   GeMultilin G60 Version-
GeMultilin L30 Firmware Version < 8.10
   GeMultilin L30 Version-
GeMultilin L60 Firmware Version < 8.10
   GeMultilin L60 Version-
GeMultilin L90 Firmware Version < 8.10
   GeMultilin L90 Version-
GeMultilin M60 Firmware Version < 8.10
   GeMultilin M60 Version-
GeMultilin N60 Firmware Version < 8.10
   GeMultilin N60 Version-
GeMultilin T35 Firmware Version < 8.10
   GeMultilin T35 Version-
GeMultilin T60 Firmware Version < 8.10
   GeMultilin T60 Version-
GeMultilin C30 Firmware Version < 8.10
   GeMultilin C30 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.22% 0.443
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
ics-cert@hq.dhs.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02
Third Party Advisory
US Government Resource
Mitigation
https://www.gegridsolutions.com/Passport/Login.aspx
Vendor Advisory
Permissions Required