Multiple vulnerabilities in GE UR family



Published: 2021-03-17
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2021-27422
CVE-2021-27418
CVE-2021-27420
CVE-2021-27428
CVE-2021-27426
CVE-2021-27424
CVE-2021-27430
CWE-ID CWE-200
CWE-79
CWE-20
CWE-434
CWE-453
CWE-798
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
B30
Hardware solutions / Firmware

C30
Hardware solutions / Firmware

C60
Hardware solutions / Firmware

C70
Hardware solutions / Firmware

C95
Hardware solutions / Firmware

D30
Hardware solutions / Firmware

D60
Hardware solutions / Firmware

F35
Hardware solutions / Firmware

F60
Hardware solutions / Firmware

G30
Hardware solutions / Firmware

G60
Hardware solutions / Firmware

L30
Hardware solutions / Firmware

L60
Hardware solutions / Firmware

L90
Hardware solutions / Firmware

M60
Hardware solutions / Firmware

N60
Hardware solutions / Firmware

T35
Hardware solutions / Firmware

T60
Hardware solutions / Firmware

UR bootloader binary
Other software / Other software solutions

Vendor GE

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU51525

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27422

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the web server interface is supported on UR over HTTP protocol. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

B30: before 8.10

C30: before 8.10

C60: before 8.10

C70: before 8.10

C95: before 8.10

D30: before 8.10

D60: before 8.10

F35: before 8.10

F60: before 8.10

G30: before 8.10

G60: before 8.10

L30: before 8.10

L60: before 8.10

L90: before 8.10

M60: before 8.10

N60: before 8.10

T35: before 8.10

T60: before 8.10

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-075-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

EUVDB-ID: #VU51526

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27418

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

B30: before 8.10

C30: before 8.10

C60: before 8.10

C70: before 8.10

C95: before 8.10

D30: before 8.10

D60: before 8.10

F35: before 8.10

F60: before 8.10

G30: before 8.10

G60: before 8.10

L30: before 8.10

L60: before 8.10

L90: before 8.10

M60: before 8.10

N60: before 8.10

T35: before 8.10

T60: before 8.10

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-075-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU51527

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27420

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the UR Firmware web server task does not properly handle receipt of unsupported HTTP verbst. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

B30: before 8.10

C30: before 8.10

C60: before 8.10

C70: before 8.10

C95: before 8.10

D30: before 8.10

D60: before 8.10

F35: before 8.10

F60: before 8.10

G30: before 8.10

G60: before 8.10

L30: before 8.10

L60: before 8.10

L90: before 8.10

M60: before 8.10

N60: before 8.10

T35: before 8.10

T60: before 8.10

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-075-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Arbitrary file upload

EUVDB-ID: #VU51528

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27428

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. A remote attacker can upgrade firmware without appropriate privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

B30: before 8.10

C30: before 8.10

C60: before 8.10

C70: before 8.10

C95: before 8.10

D30: before 8.10

D60: before 8.10

F35: before 8.10

F60: before 8.10

G30: before 8.10

G60: before 8.10

L30: before 8.10

L60: before 8.10

L90: before 8.10

M60: before 8.10

N60: before 8.10

T35: before 8.10

T60: before 8.10

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-075-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insecure Default Variable Initialization

EUVDB-ID: #VU51529

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27426

CWE-ID: CWE-453 - Insecure Default Variable Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the UR IED with “Basic” security variant does not allow the disabling of the “Factory Mode", which is used for servicing the IED by a “Factory” user. A remote attacker who can execute arbitrary code on the system.

Note: This vulnerability affects the following versions of Provisions to disable Factory Mode:

  • all firmware versions prior to 8.1x with basic security option

Mitigation

Install updates from vendor's website.

Vulnerable software versions

B30: before 8.10

C30: before 8.10

C60: before 8.10

C70: before 8.10

C95: before 8.10

D30: before 8.10

D60: before 8.10

F35: before 8.10

F60: before 8.10

G30: before 8.10

G60: before 8.10

L30: before 8.10

L60: before 8.10

L90: before 8.10

M60: before 8.10

N60: before 8.10

T35: before 8.10

T60: before 8.10

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-075-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU51530

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27424

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the UR shares MODBUS memory map as part of the communications guide. A remote attacker can gain unauthorized access to sensitive information on the system.

Note: This vulnerability affects the following versions of Access to “Last-key pressed” register:

  • all firmware versions prior to 8.1x with basic security option

Mitigation

Install updates from vendor's website.

Vulnerable software versions

B30: before 8.10

C30: before 8.10

C60: before 8.10

C70: before 8.10

C95: before 8.10

D30: before 8.10

D60: before 8.10

F35: before 8.10

F60: before 8.10

G30: before 8.10

G60: before 8.10

L30: before 8.10

L60: before 8.10

L90: before 8.10

M60: before 8.10

N60: before 8.10

T35: before 8.10

T60: before 8.10

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-075-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use of hard-coded credentials

EUVDB-ID: #VU51531

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27430

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a local attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can interrupt the boot sequence by rebooting the UR. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

UR bootloader binary: 7.00 - 7.02

B30: before 8.10

C30: before 8.10

C60: before 8.10

C70: before 8.10

C95: before 8.10

D30: before 8.10

D60: before 8.10

F35: before 8.10

F60: before 8.10

G30: before 8.10

G60: before 8.10

L30: before 8.10

L60: before 8.10

L90: before 8.10

M60: before 8.10

N60: before 8.10

T35: before 8.10

T60: before 8.10

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-075-02


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###