CVE-2021-27428

Published: Mar 23, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.

Affected (19)

Products: Ge: Multilin B30 Firmware, Multilin B90 Firmware, Multilin C60 Firmware, Multilin C70 Firmware, Multilin C95 Firmware, Multilin D30 Firmware, Multilin D60 Firmware, Multilin F35 Firmware, Multilin F60 Firmware, Multilin G30 Firmware, Multilin G60 Firmware, Multilin L30 Firmware, Multilin L60 Firmware, Multilin L90 Firmware, Multilin M60 Firmware, Multilin N60 Firmware, Multilin T35 Firmware, Multilin T60 Firmware, Multilin C30 Firmware

19 products

Multilin B30 Firmware

Multilin B90 Firmware

Multilin C60 Firmware

Multilin C70 Firmware

Multilin C95 Firmware

Multilin D30 Firmware

Multilin D60 Firmware

Multilin F35 Firmware

Multilin F60 Firmware

Multilin G30 Firmware

Multilin G60 Firmware

Multilin L30 Firmware

Multilin L60 Firmware

Multilin L90 Firmware

Multilin M60 Firmware

Multilin N60 Firmware

Multilin T35 Firmware

Multilin T60 Firmware

Multilin C30 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B30	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin B90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin B90	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C60	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C70 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C70	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C95 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C95	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D30	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin D60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin D60	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F35	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin F60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin F60	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G30	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin G60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin G60	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L30	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L60	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin L90 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin L90	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin M60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin M60	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin N60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin N60	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T35 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T35	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin T60 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin T60	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilin C30 Firmware	Before 8.10

Running on/with	Platform Versions
Ge Multilin C30	All versions

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: ics-cert@hq.dhs.gov

Permissions RequiredVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

https://www.gegridsolutions.com/Passport/Login.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.