GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation Third Party Advisory US Government Resource |
https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
History
01 Apr 2022, 15:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ge multilin N60 Firmware
Ge multilin L60 Firmware Ge multilin C30 Firmware Ge multilin F60 Firmware Ge multilin C95 Ge multilin T60 Firmware Ge multilin G60 Ge multilin L90 Ge multilin C70 Firmware Ge multilin T35 Firmware Ge multilin B90 Firmware Ge multilin F35 Ge multilin C60 Ge multilin N60 Ge multilin B30 Firmware Ge multilin G30 Firmware Ge multilin L30 Ge multilin B90 Ge multilin T35 Ge multilin T60 Ge multilin M60 Ge multilin D30 Ge multilin C70 Ge multilin C95 Firmware Ge multilin D30 Firmware Ge multilin C60 Firmware Ge Ge multilin G60 Firmware Ge multilin G30 Ge multilin M60 Firmware Ge multilin F60 Ge multilin L90 Firmware Ge multilin F35 Firmware Ge multilin L60 Ge multilin D60 Firmware Ge multilin B30 Ge multilin C30 Ge multilin D60 Ge multilin L30 Firmware |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-434 | |
CPE | cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 - Mitigation, Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://www.gegridsolutions.com/Passport/Login.aspx - Permissions Required, Vendor Advisory |
23 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-23 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-27428
Mitre link : CVE-2021-27428
CVE.ORG link : CVE-2021-27428
JSON object : View
Products Affected
ge
- multilin_l30
- multilin_f60
- multilin_g60_firmware
- multilin_g30_firmware
- multilin_c30
- multilin_m60
- multilin_f35_firmware
- multilin_t60
- multilin_g60
- multilin_c60
- multilin_g30
- multilin_t60_firmware
- multilin_f60_firmware
- multilin_l90_firmware
- multilin_b90
- multilin_c95_firmware
- multilin_d30
- multilin_l30_firmware
- multilin_n60
- multilin_c30_firmware
- multilin_b30
- multilin_t35_firmware
- multilin_f35
- multilin_b90_firmware
- multilin_d30_firmware
- multilin_c70
- multilin_n60_firmware
- multilin_m60_firmware
- multilin_l60
- multilin_c95
- multilin_d60_firmware
- multilin_d60
- multilin_c60_firmware
- multilin_l60_firmware
- multilin_l90
- multilin_b30_firmware
- multilin_t35
- multilin_c70_firmware
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type