CVE-2021-27420

Published: Mar 23, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.

Affected (19)

Products: Ge: Multilin B30 Firmware, Multilin B90 Firmware, Multilin C60 Firmware, Multilin C70 Firmware, Multilin C95 Firmware, Multilin D30 Firmware, Multilin D60 Firmware, Multilin F35 Firmware, Multilin F60 Firmware, Multilin G30 Firmware, Multilin G60 Firmware, Multilin L30 Firmware, Multilin L60 Firmware, Multilin L90 Firmware, Multilin M60 Firmware, Multilin N60 Firmware, Multilin T35 Firmware, Multilin T60 Firmware, Multilin C30 Firmware

19 products

Multilin B30 Firmware

Multilin B90 Firmware

Multilin C60 Firmware

Multilin C70 Firmware

Multilin C95 Firmware

Multilin D30 Firmware

Multilin D60 Firmware

Multilin F35 Firmware

Multilin F60 Firmware

Multilin G30 Firmware

Multilin G60 Firmware

Multilin L30 Firmware

Multilin L60 Firmware

Multilin L90 Firmware

Multilin M60 Firmware

Multilin N60 Firmware

Multilin T35 Firmware

Multilin T60 Firmware

Multilin C30 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B30	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B90	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C60	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C70 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C70	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C95 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C95	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D30	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D60	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F35	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F60	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G30	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G60	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L30	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L60	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L90	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin M60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin M60	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin N60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin N60	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T35	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T60	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C30	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: ics-cert@hq.dhs.gov

Permissions RequiredVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.