CVE-2021-27428
Summary
| CVE | CVE-2021-27428 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-23 20:15:00 UTC |
| Updated | 2022-04-01 15:28:00 UTC |
| Description | GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of the firmware file before uploading it to the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. |
Risk And Classification
Problem Types: CWE-434
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ge | Multilin B30 | - | All | All | All |
| Operating System | Ge | Multilin B30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin B90 | - | All | All | All |
| Operating System | Ge | Multilin B90 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C30 | - | All | All | All |
| Operating System | Ge | Multilin C30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C60 | - | All | All | All |
| Operating System | Ge | Multilin C60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C70 | - | All | All | All |
| Operating System | Ge | Multilin C70 Firmware | All | All | All | All |
| Hardware | Ge | Multilin C95 | - | All | All | All |
| Operating System | Ge | Multilin C95 Firmware | All | All | All | All |
| Hardware | Ge | Multilin D30 | - | All | All | All |
| Operating System | Ge | Multilin D30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin D60 | - | All | All | All |
| Operating System | Ge | Multilin D60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin F35 | - | All | All | All |
| Operating System | Ge | Multilin F35 Firmware | All | All | All | All |
| Hardware | Ge | Multilin F60 | - | All | All | All |
| Operating System | Ge | Multilin F60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin G30 | - | All | All | All |
| Operating System | Ge | Multilin G30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin G60 | - | All | All | All |
| Operating System | Ge | Multilin G60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin L30 | - | All | All | All |
| Operating System | Ge | Multilin L30 Firmware | All | All | All | All |
| Hardware | Ge | Multilin L60 | - | All | All | All |
| Operating System | Ge | Multilin L60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin L90 | - | All | All | All |
| Operating System | Ge | Multilin L90 Firmware | All | All | All | All |
| Hardware | Ge | Multilin M60 | - | All | All | All |
| Operating System | Ge | Multilin M60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin N60 | - | All | All | All |
| Operating System | Ge | Multilin N60 Firmware | All | All | All | All |
| Hardware | Ge | Multilin T35 | - | All | All | All |
| Operating System | Ge | Multilin T35 Firmware | All | All | All | All |
| Hardware | Ge | Multilin T60 | - | All | All | All |
| Operating System | Ge | Multilin T60 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GE UR family \| CISA | CONFIRM | www.cisa.gov | |
| Grid Passport Login : GE Grid Solutions | CONFIRM | www.gegridsolutions.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: SCADA-X, DOE’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE.
There are currently no legacy QID mappings associated with this CVE.