CVE-2021-27420
GE UR family input validation
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
GE UR versiones de firmware anteriores a versión 8.1x, de la tarea del servidor web no manejan apropiadamente la recepción de verbos HTTP no admitidos, resultando en que el servidor web deje de responder temporalmente tras recibir una serie de peticiones HTTP no admitidas. Cuando no responde, el servidor web es inaccesible. Por sí mismo, esto no es particularmente significativo, ya que el relé sigue siendo efectivo en todas las demás funcionalidades y canales de comunicación
*Credits:
SCADA-X, DOE’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-02-19 CVE Reserved
- 2022-03-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ge Search vendor "Ge" | Multilin B30 Firmware Search vendor "Ge" for product "Multilin B30 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin B30 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin B30 Search vendor "Ge" for product "Multilin B30" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin B90 Firmware Search vendor "Ge" for product "Multilin B90 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin B90 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin B90 Search vendor "Ge" for product "Multilin B90" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin C60 Firmware Search vendor "Ge" for product "Multilin C60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin C60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin C60 Search vendor "Ge" for product "Multilin C60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin C70 Firmware Search vendor "Ge" for product "Multilin C70 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin C70 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin C70 Search vendor "Ge" for product "Multilin C70" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin C95 Firmware Search vendor "Ge" for product "Multilin C95 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin C95 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin C95 Search vendor "Ge" for product "Multilin C95" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin D30 Firmware Search vendor "Ge" for product "Multilin D30 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin D30 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin D30 Search vendor "Ge" for product "Multilin D30" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin D60 Firmware Search vendor "Ge" for product "Multilin D60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin D60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin D60 Search vendor "Ge" for product "Multilin D60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin F35 Firmware Search vendor "Ge" for product "Multilin F35 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin F35 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin F35 Search vendor "Ge" for product "Multilin F35" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin F60 Firmware Search vendor "Ge" for product "Multilin F60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin F60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin F60 Search vendor "Ge" for product "Multilin F60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin G30 Firmware Search vendor "Ge" for product "Multilin G30 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin G30 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin G30 Search vendor "Ge" for product "Multilin G30" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin G60 Firmware Search vendor "Ge" for product "Multilin G60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin G60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin G60 Search vendor "Ge" for product "Multilin G60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin L30 Firmware Search vendor "Ge" for product "Multilin L30 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin L30 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin L30 Search vendor "Ge" for product "Multilin L30" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin L60 Firmware Search vendor "Ge" for product "Multilin L60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin L60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin L60 Search vendor "Ge" for product "Multilin L60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin L90 Firmware Search vendor "Ge" for product "Multilin L90 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin L90 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin L90 Search vendor "Ge" for product "Multilin L90" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin M60 Firmware Search vendor "Ge" for product "Multilin M60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin M60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin M60 Search vendor "Ge" for product "Multilin M60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin N60 Firmware Search vendor "Ge" for product "Multilin N60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin N60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin N60 Search vendor "Ge" for product "Multilin N60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin T35 Firmware Search vendor "Ge" for product "Multilin T35 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin T35 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin T35 Search vendor "Ge" for product "Multilin T35" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin T60 Firmware Search vendor "Ge" for product "Multilin T60 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin T60 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin T60 Search vendor "Ge" for product "Multilin T60" | - | - |
Safe
|
| Ge Search vendor "Ge" | Multilin C30 Firmware Search vendor "Ge" for product "Multilin C30 Firmware" | < 8.10 Search vendor "Ge" for product "Multilin C30 Firmware" and version " < 8.10" | - |
Affected
| in | Ge Search vendor "Ge" | Multilin C30 Search vendor "Ge" for product "Multilin C30" | - | - |
Safe
|