CVE-2021-27428

EPSS 0.25%
Published 23.03.2022 20:15:08
Last modified 21.11.2024 05:57:58
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ge ≫ Multilin B30 Firmware Version < 8.10

Ge ≫ Multilin B30 Version-

Ge ≫ Multilin B90 Firmware Version < 8.10

Ge ≫ Multilin B90 Version-

Ge ≫ Multilin C60 Firmware Version < 8.10

Ge ≫ Multilin C60 Version-

Ge ≫ Multilin C70 Firmware Version < 8.10

Ge ≫ Multilin C70 Version-

Ge ≫ Multilin C95 Firmware Version < 8.10

Ge ≫ Multilin C95 Version-

Ge ≫ Multilin D30 Firmware Version < 8.10

Ge ≫ Multilin D30 Version-

Ge ≫ Multilin D60 Firmware Version < 8.10

Ge ≫ Multilin D60 Version-

Ge ≫ Multilin F35 Firmware Version < 8.10

Ge ≫ Multilin F35 Version-

Ge ≫ Multilin F60 Firmware Version < 8.10

Ge ≫ Multilin F60 Version-

Ge ≫ Multilin G30 Firmware Version < 8.10

Ge ≫ Multilin G30 Version-

Ge ≫ Multilin G60 Firmware Version < 8.10

Ge ≫ Multilin G60 Version-

Ge ≫ Multilin L30 Firmware Version < 8.10

Ge ≫ Multilin L30 Version-

Ge ≫ Multilin L60 Firmware Version < 8.10

Ge ≫ Multilin L60 Version-

Ge ≫ Multilin L90 Firmware Version < 8.10

Ge ≫ Multilin L90 Version-

Ge ≫ Multilin M60 Firmware Version < 8.10

Ge ≫ Multilin M60 Version-

Ge ≫ Multilin N60 Firmware Version < 8.10

Ge ≫ Multilin N60 Version-

Ge ≫ Multilin T35 Firmware Version < 8.10

Ge ≫ Multilin T35 Version-

Ge ≫ Multilin T60 Firmware Version < 8.10

Ge ≫ Multilin T60 Version-

Ge ≫ Multilin C30 Firmware Version < 8.10

Ge ≫ Multilin C30 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.478

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
ics-cert@hq.dhs.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Third Party Advisory

US Government Resource

Mitigation

https://www.gegridsolutions.com/Passport/Login.aspx

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-27428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27428

EUVD