GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation Third Party Advisory US Government Resource |
https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
History
01 Apr 2022, 18:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 - Mitigation, Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://www.gegridsolutions.com/Passport/Login.aspx - Permissions Required, Vendor Advisory | |
CPE | cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:* |
23 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-23 20:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-27420
Mitre link : CVE-2021-27420
CVE.ORG link : CVE-2021-27420
JSON object : View
Products Affected
ge
- multilin_c95
- multilin_n60_firmware
- multilin_n60
- multilin_b90
- multilin_t35_firmware
- multilin_d60
- multilin_g60_firmware
- multilin_g60
- multilin_b30
- multilin_l30_firmware
- multilin_t35
- multilin_l90
- multilin_l90_firmware
- multilin_f60_firmware
- multilin_b30_firmware
- multilin_m60_firmware
- multilin_b90_firmware
- multilin_f35
- multilin_g30
- multilin_d30
- multilin_g30_firmware
- multilin_c30
- multilin_d30_firmware
- multilin_m60
- multilin_d60_firmware
- multilin_l30
- multilin_t60_firmware
- multilin_l60_firmware
- multilin_t60
- multilin_c60
- multilin_f60
- multilin_c30_firmware
- multilin_c60_firmware
- multilin_c70_firmware
- multilin_f35_firmware
- multilin_c70
- multilin_l60
- multilin_c95_firmware
CWE
CWE-20
Improper Input Validation