CVE-2021-27418

Published: Mar 23, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.

Affected (19)

Products: Ge: Multilin B30 Firmware, Multilin B90 Firmware, Multilin C60 Firmware, Multilin C70 Firmware, Multilin C95 Firmware, Multilin D30 Firmware, Multilin D60 Firmware, Multilin F35 Firmware, Multilin F60 Firmware, Multilin G30 Firmware, Multilin G60 Firmware, Multilin L30 Firmware, Multilin L60 Firmware, Multilin L90 Firmware, Multilin M60 Firmware, Multilin N60 Firmware, Multilin T35 Firmware, Multilin T60 Firmware, Multilin C30 Firmware

19 products

Multilin B30 Firmware

Multilin B90 Firmware

Multilin C60 Firmware

Multilin C70 Firmware

Multilin C95 Firmware

Multilin D30 Firmware

Multilin D60 Firmware

Multilin F35 Firmware

Multilin F60 Firmware

Multilin G30 Firmware

Multilin G60 Firmware

Multilin L30 Firmware

Multilin L60 Firmware

Multilin L90 Firmware

Multilin M60 Firmware

Multilin N60 Firmware

Multilin T35 Firmware

Multilin T60 Firmware

Multilin C30 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B30	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B90	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C60	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C70 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C70	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C95 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C95	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D30	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D60	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F35	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F60	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G30	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G60	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L30	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L60	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L90	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin M60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin M60	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin N60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin N60	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T35	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T60	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C30	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: ics-cert@hq.dhs.gov

Permissions RequiredVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.