5.3

CVE-2021-27424

GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GeMultilin B30 Firmware Version < 8.10
   GeMultilin B30 Version-
GeMultilin B90 Firmware Version < 8.10
   GeMultilin B90 Version-
GeMultilin C60 Firmware Version < 8.10
   GeMultilin C60 Version-
GeMultilin C70 Firmware Version < 8.10
   GeMultilin C70 Version-
GeMultilin C95 Firmware Version < 8.10
   GeMultilin C95 Version-
GeMultilin D30 Firmware Version < 8.10
   GeMultilin D30 Version-
GeMultilin D60 Firmware Version < 8.10
   GeMultilin D60 Version-
GeMultilin F35 Firmware Version < 8.10
   GeMultilin F35 Version-
GeMultilin F60 Firmware Version < 8.10
   GeMultilin F60 Version-
GeMultilin G30 Firmware Version < 8.10
   GeMultilin G30 Version-
GeMultilin G60 Firmware Version < 8.10
   GeMultilin G60 Version-
GeMultilin L30 Firmware Version < 8.10
   GeMultilin L30 Version-
GeMultilin L60 Firmware Version < 8.10
   GeMultilin L60 Version-
GeMultilin L90 Firmware Version < 8.10
   GeMultilin L90 Version-
GeMultilin M60 Firmware Version < 8.10
   GeMultilin M60 Version-
GeMultilin N60 Firmware Version < 8.10
   GeMultilin N60 Version-
GeMultilin T35 Firmware Version < 8.10
   GeMultilin T35 Version-
GeMultilin T60 Firmware Version < 8.10
   GeMultilin T60 Version-
GeMultilin C30 Firmware Version < 8.10
   GeMultilin C30 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.388
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
ics-cert@hq.dhs.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02
Third Party Advisory
US Government Resource
Mitigation
https://www.gegridsolutions.com/Passport/Login.aspx
Vendor Advisory
Permissions Required