7.5

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.

Data is provided by the National Vulnerability Database (NVD)
GeMultilin B30 Firmware Version < 8.10
   GeMultilin B30 Version-
GeMultilin B90 Firmware Version < 8.10
   GeMultilin B90 Version-
GeMultilin C60 Firmware Version < 8.10
   GeMultilin C60 Version-
GeMultilin C70 Firmware Version < 8.10
   GeMultilin C70 Version-
GeMultilin C95 Firmware Version < 8.10
   GeMultilin C95 Version-
GeMultilin D30 Firmware Version < 8.10
   GeMultilin D30 Version-
GeMultilin D60 Firmware Version < 8.10
   GeMultilin D60 Version-
GeMultilin F35 Firmware Version < 8.10
   GeMultilin F35 Version-
GeMultilin F60 Firmware Version < 8.10
   GeMultilin F60 Version-
GeMultilin G30 Firmware Version < 8.10
   GeMultilin G30 Version-
GeMultilin G60 Firmware Version < 8.10
   GeMultilin G60 Version-
GeMultilin L30 Firmware Version < 8.10
   GeMultilin L30 Version-
GeMultilin L60 Firmware Version < 8.10
   GeMultilin L60 Version-
GeMultilin L90 Firmware Version < 8.10
   GeMultilin L90 Version-
GeMultilin M60 Firmware Version < 8.10
   GeMultilin M60 Version-
GeMultilin N60 Firmware Version < 8.10
   GeMultilin N60 Version-
GeMultilin T35 Firmware Version < 8.10
   GeMultilin T35 Version-
GeMultilin T60 Firmware Version < 8.10
   GeMultilin T60 Version-
GeMultilin C30 Firmware Version < 8.10
   GeMultilin C30 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.284
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
ics-cert@hq.dhs.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02
Third Party Advisory
US Government Resource
Mitigation
https://www.gegridsolutions.com/Passport/Login.aspx
Vendor Advisory
Permissions Required