Vulnerability identifier: #VU51529

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27426

CWE-ID: CWE-453

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
B30
Hardware solutions / Firmware
C30
Hardware solutions / Firmware
C60
Hardware solutions / Firmware
C70
Hardware solutions / Firmware
C95
Hardware solutions / Firmware
D30
Hardware solutions / Firmware
D60
Hardware solutions / Firmware
F35
Hardware solutions / Firmware
F60
Hardware solutions / Firmware
G30
Hardware solutions / Firmware
G60
Hardware solutions / Firmware
L30
Hardware solutions / Firmware
L60
Hardware solutions / Firmware
L90
Hardware solutions / Firmware
M60
Hardware solutions / Firmware
N60
Hardware solutions / Firmware
T35
Hardware solutions / Firmware
T60
Hardware solutions / Firmware

Vendor:

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the UR IED with “Basic” security variant does not allow the disabling of the “Factory Mode", which is used for servicing the IED by a “Factory” user. A remote attacker who can execute arbitrary code on the system.

Note: This vulnerability affects the following versions of Provisions to disable Factory Mode:

• all firmware versions prior to 8.1x with basic security option

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://ics-cert.us-cert.gov/advisories/icsa-21-075-02

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.