9.8
CVE-2021-27426
- EPSS 0.25%
- Published 23.03.2022 20:15:08
- Last modified 21.11.2024 05:57:57
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.
Data is provided by the National Vulnerability Database (NVD)
Ge ≫ Multilin B30 Firmware Version < 8.10
Ge ≫ Multilin B90 Firmware Version < 8.10
Ge ≫ Multilin C60 Firmware Version < 8.10
Ge ≫ Multilin C70 Firmware Version < 8.10
Ge ≫ Multilin C95 Firmware Version < 8.10
Ge ≫ Multilin D30 Firmware Version < 8.10
Ge ≫ Multilin D60 Firmware Version < 8.10
Ge ≫ Multilin F35 Firmware Version < 8.10
Ge ≫ Multilin F60 Firmware Version < 8.10
Ge ≫ Multilin G30 Firmware Version < 8.10
Ge ≫ Multilin G60 Firmware Version < 8.10
Ge ≫ Multilin L30 Firmware Version < 8.10
Ge ≫ Multilin L60 Firmware Version < 8.10
Ge ≫ Multilin L90 Firmware Version < 8.10
Ge ≫ Multilin M60 Firmware Version < 8.10
Ge ≫ Multilin N60 Firmware Version < 8.10
Ge ≫ Multilin T35 Firmware Version < 8.10
Ge ≫ Multilin T60 Firmware Version < 8.10
Ge ≫ Multilin C30 Firmware Version < 8.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.478 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-453 Insecure Default Variable Initialization
The product, by default, initializes an internal variable with an insecure or less secure value than is possible.