Risk | High |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2021-27422, CVE-2021-27418, CVE-2021-27420, CVE-2021-27428, CVE-2021-27426, CVE-2021-27424, CVE-2021-27430 |
CWE-ID | CWE-200, CWE-79, CWE-20, CWE-434, CWE-453, CWE-798 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | B30, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35, T60 (Hardware solutions / Firmware); UR bootloader binary (Other software / Other software solutions) |
Vendor | GE |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU51525
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27422
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the web server interface on the UR is supported over the HTTP protocol. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
B30: before 8.10
C30: before 8.10
C60: before 8.10
C70: before 8.10
C95: before 8.10
D30: before 8.10
D60: before 8.10
F35: before 8.10
F60: before 8.10
G30: before 8.10
G60: before 8.10
L30: before 8.10
L60: before 8.10
L90: before 8.10
M60: before 8.10
N60: before 8.10
T35: before 8.10
T60: before 8.10
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51526
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27418
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
B30: before 8.10
C30: before 8.10
C60: before 8.10
C70: before 8.10
C95: before 8.10
D30: before 8.10
D60: before 8.10
F35: before 8.10
F60: before 8.10
G30: before 8.10
G60: before 8.10
L30: before 8.10
L60: before 8.10
L90: before 8.10
M60: before 8.10
N60: before 8.10
T35: before 8.10
T60: before 8.10
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51527
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27420
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the UR Firmware web server task does not properly handle receipt of unsupported HTTP verbs. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
B30: before 8.10
C30: before 8.10
C60: before 8.10
C70: before 8.10
C95: before 8.10
D30: before 8.10
D60: before 8.10
F35: before 8.10
F60: before 8.10
G30: before 8.10
G60: before 8.10
L30: before 8.10
L60: before 8.10
L90: before 8.10
M60: before 8.10
N60: before 8.10
T35: before 8.10
T60: before 8.10
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51528
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27428
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists because the UR Setup tool validates the authenticity and integrity of the firmware file before uploading it to the UR IED. A remote attacker can upgrade firmware without appropriate privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
B30: before 8.10
C30: before 8.10
C60: before 8.10
C70: before 8.10
C95: before 8.10
D30: before 8.10
D60: before 8.10
F35: before 8.10
F60: before 8.10
G30: before 8.10
G60: before 8.10
L30: before 8.10
L60: before 8.10
L90: before 8.10
M60: before 8.10
N60: before 8.10
T35: before 8.10
T60: before 8.10
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51529
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27426
CWE-ID:
CWE-453 - Insecure Default Variable Initialization
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the UR IED with the “Basic” security variant does not allow the disabling of the “Factory Mode”, which is used for servicing the IED by a “Factory” user. A remote attacker can execute arbitrary code on the system.
Note: This vulnerability affects the following versions of Provisions to disable Factory Mode:
Mitigation
Install updates from vendor's website.
Vulnerable software versions
B30: before 8.10
C30: before 8.10
C60: before 8.10
C70: before 8.10
C95: before 8.10
D30: before 8.10
D60: before 8.10
F35: before 8.10
F60: before 8.10
G30: before 8.10
G60: before 8.10
L30: before 8.10
L60: before 8.10
L90: before 8.10
M60: before 8.10
N60: before 8.10
T35: before 8.10
T60: before 8.10
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51530
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27424
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the UR shares the MODBUS memory map as part of the communications guide. A remote attacker can gain unauthorized access to sensitive information on the system.
Note: This vulnerability affects the following versions of Access to “Last-key pressed” register:
Mitigation
Install updates from vendor's website.
Vulnerable software versions
B30: before 8.10
C30: before 8.10
C60: before 8.10
C70: before 8.10
C95: before 8.10
D30: before 8.10
D60: before 8.10
F35: before 8.10
F60: before 8.10
G30: before 8.10
G60: before 8.10
L30: before 8.10
L60: before 8.10
L90: before 8.10
M60: before 8.10
N60: before 8.10
T35: before 8.10
T60: before 8.10
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51531
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27430
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a local attacker to gain full access to the vulnerable system.
The vulnerability exists due to the presence of hard-coded credentials in application code. A local attacker can interrupt the boot sequence by rebooting the UR.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
UR bootloader binary: 7.00 - 7.02
B30: before 8.10
C30: before 8.10
C60: before 8.10
C70: before 8.10
C95: before 8.10
D30: before 8.10
D60: before 8.10
F35: before 8.10
F60: before 8.10
G30: before 8.10
G60: before 8.10
L30: before 8.10
L60: before 8.10
L90: before 8.10
M60: before 8.10
N60: before 8.10
T35: before 8.10
T60: before 8.10
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.