5.3

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.

Data is provided by the National Vulnerability Database (NVD)
GeMultilin B30 Firmware Version < 8.10
   GeMultilin B30 Version-
GeMultilin B90 Firmware Version < 8.10
   GeMultilin B90 Version-
GeMultilin C60 Firmware Version < 8.10
   GeMultilin C60 Version-
GeMultilin C70 Firmware Version < 8.10
   GeMultilin C70 Version-
GeMultilin C95 Firmware Version < 8.10
   GeMultilin C95 Version-
GeMultilin D30 Firmware Version < 8.10
   GeMultilin D30 Version-
GeMultilin D60 Firmware Version < 8.10
   GeMultilin D60 Version-
GeMultilin F35 Firmware Version < 8.10
   GeMultilin F35 Version-
GeMultilin F60 Firmware Version < 8.10
   GeMultilin F60 Version-
GeMultilin G30 Firmware Version < 8.10
   GeMultilin G30 Version-
GeMultilin G60 Firmware Version < 8.10
   GeMultilin G60 Version-
GeMultilin L30 Firmware Version < 8.10
   GeMultilin L30 Version-
GeMultilin L60 Firmware Version < 8.10
   GeMultilin L60 Version-
GeMultilin L90 Firmware Version < 8.10
   GeMultilin L90 Version-
GeMultilin M60 Firmware Version < 8.10
   GeMultilin M60 Version-
GeMultilin N60 Firmware Version < 8.10
   GeMultilin N60 Version-
GeMultilin T35 Firmware Version < 8.10
   GeMultilin T35 Version-
GeMultilin T60 Firmware Version < 8.10
   GeMultilin T60 Version-
GeMultilin C30 Firmware Version < 8.10
   GeMultilin C30 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.19% 0.416
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
ics-cert@hq.dhs.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02
Third Party Advisory
US Government Resource
Mitigation
https://www.gegridsolutions.com/Passport/Login.aspx
Vendor Advisory
Permissions Required