CVE-2021-27424

Published: Mar 23, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.

Affected (19)

Products: Ge: Multilin B30 Firmware, Multilin B90 Firmware, Multilin C60 Firmware, Multilin C70 Firmware, Multilin C95 Firmware, Multilin D30 Firmware, Multilin D60 Firmware, Multilin F35 Firmware, Multilin F60 Firmware, Multilin G30 Firmware, Multilin G60 Firmware, Multilin L30 Firmware, Multilin L60 Firmware, Multilin L90 Firmware, Multilin M60 Firmware, Multilin N60 Firmware, Multilin T35 Firmware, Multilin T60 Firmware, Multilin C30 Firmware

19 products

Multilin B30 Firmware

Multilin B90 Firmware

Multilin C60 Firmware

Multilin C70 Firmware

Multilin C95 Firmware

Multilin D30 Firmware

Multilin D60 Firmware

Multilin F35 Firmware

Multilin F60 Firmware

Multilin G30 Firmware

Multilin G60 Firmware

Multilin L30 Firmware

Multilin L60 Firmware

Multilin L90 Firmware

Multilin M60 Firmware

Multilin N60 Firmware

Multilin T35 Firmware

Multilin T60 Firmware

Multilin C30 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B30	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B90	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C60	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C70 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C70	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C95 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C95	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D30	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D60	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F35	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F60	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G30	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G60	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L30	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L60	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L90	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin M60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin M60	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin N60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin N60	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T35	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T60	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C30	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: ics-cert@hq.dhs.gov

Permissions RequiredVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.