GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation Third Party Advisory US Government Resource |
https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
History
01 Apr 2022, 18:26
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 - Mitigation, Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://www.gegridsolutions.com/Passport/Login.aspx - Permissions Required, Vendor Advisory | |
First Time |
Ge multilin N60 Firmware
Ge multilin L60 Firmware Ge multilin C30 Firmware Ge multilin F60 Firmware Ge multilin C95 Ge multilin T60 Firmware Ge multilin G60 Ge multilin L90 Ge multilin C70 Firmware Ge multilin T35 Firmware Ge multilin B90 Firmware Ge multilin F35 Ge multilin C60 Ge multilin N60 Ge multilin B30 Firmware Ge multilin G30 Firmware Ge multilin L30 Ge multilin B90 Ge multilin T35 Ge multilin T60 Ge multilin M60 Ge multilin D30 Ge multilin C70 Ge multilin C95 Firmware Ge multilin D30 Firmware Ge multilin C60 Firmware Ge Ge multilin G60 Firmware Ge multilin G30 Ge multilin M60 Firmware Ge multilin F60 Ge multilin L90 Firmware Ge multilin F35 Firmware Ge multilin L60 Ge multilin D60 Firmware Ge multilin B30 Ge multilin C30 Ge multilin D60 Ge multilin L30 Firmware |
|
CPE | cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CWE | CWE-79 |
23 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-23 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-27418
Mitre link : CVE-2021-27418
CVE.ORG link : CVE-2021-27418
JSON object : View
Products Affected
ge
- multilin_l30
- multilin_f60
- multilin_g60_firmware
- multilin_g30_firmware
- multilin_c30
- multilin_m60
- multilin_f35_firmware
- multilin_t60
- multilin_g60
- multilin_c60
- multilin_g30
- multilin_t60_firmware
- multilin_f60_firmware
- multilin_l90_firmware
- multilin_b90
- multilin_c95_firmware
- multilin_d30
- multilin_l30_firmware
- multilin_n60
- multilin_c30_firmware
- multilin_b30
- multilin_t35_firmware
- multilin_f35
- multilin_b90_firmware
- multilin_d30_firmware
- multilin_c70
- multilin_n60_firmware
- multilin_m60_firmware
- multilin_l60
- multilin_c95
- multilin_d60_firmware
- multilin_d60
- multilin_c60_firmware
- multilin_l60_firmware
- multilin_l90
- multilin_b30_firmware
- multilin_t35
- multilin_c70_firmware