CVE-2021-27420
Summary
| CVE | CVE-2021-27420 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-23 20:15:00 UTC |
| Updated | 2022-04-01 18:25:00 UTC |
| Description | GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ge | Multilin B30 | - | All | All | All |
| Operating System | Ge | Multilin B30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin B90 | - | All | All | All |
| Operating System | Ge | Multilin B90 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C30 | - | All | All | All |
| Operating System | Ge | Multilin C30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C60 | - | All | All | All |
| Operating System | Ge | Multilin C60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C70 | - | All | All | All |
| Operating System | Ge | Multilin C70 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C95 | - | All | All | All |
| Operating System | Ge | Multilin C95 Firmware | All | All | All | All |
| Hardware | Ge | Multilin D30 | - | All | All | All |
| Operating System | Ge | Multilin D30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin D60 | - | All | All | All |
| Operating System | Ge | Multilin D60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin F35 | - | All | All | All |
| Operating System | Ge | Multilin F35 Firmware | All | All | All | All |
| Hardware | Ge | Multilin F60 | - | All | All | All |
| Operating System | Ge | Multilin F60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin G30 | - | All | All | All |
| Operating System | Ge | Multilin G30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin G60 | - | All | All | All |
| Operating System | Ge | Multilin G60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin L30 | - | All | All | All |
| Operating System | Ge | Multilin L30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin L60 | - | All | All | All |
| Operating System | Ge | Multilin L60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin L90 | - | All | All | All |
| Operating System | Ge | Multilin L90 Firmware | All | All | All | All |
| Hardware | Ge | Multilin M60 | - | All | All | All |
| Operating System | Ge | Multilin M60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin N60 | - | All | All | All |
| Operating System | Ge | Multilin N60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin T35 | - | All | All | All |
| Operating System | Ge | Multilin T35 Firmware | All | All | All | All |
| Hardware | Ge | Multilin T60 | - | All | All | All |
| Operating System | Ge | Multilin T60 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GE UR family | CISA | CONFIRM | www.cisa.gov | |
| Grid Passport Login : GE Grid Solutions | CONFIRM | www.gegridsolutions.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: SCADA-X, DOE’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE.
There are currently no legacy QID mappings associated with this CVE.