#VU51530 Information disclosure in GE products - CVE-2021-27424
Published: March 17, 2021
Vulnerability identifier: #VU51530
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-27424
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
B30
C30
C60
C70
C95
D30
D60
F35
F60
G30
G60
L30
L60
L90
M60
N60
T35
T60
B30
C30
C60
C70
C95
D30
D60
F35
F60
G30
G60
L30
L60
L90
M60
N60
T35
T60
Software vendor:
GE
GE
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the UR shares MODBUS memory map as part of the communications guide. A remote attacker can gain unauthorized access to sensitive information on the system.
Note: This vulnerability affects the following versions of Access to “Last-key pressed” register:
- all firmware versions prior to 8.1x with basic security option
Remediation
Install updates from vendor's website.