CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02	Mitigation Third Party Advisory US Government Resource
https://www.gegridsolutions.com/Passport/Login.aspx	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*

History

01 Apr 2022, 18:25

Type	Values Removed	Values Added
CWE		CWE-20
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 5.3
References	~~(CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 -~~	(CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 - Mitigation, Third Party Advisory, US Government Resource
References	~~(CONFIRM) https://www.gegridsolutions.com/Passport/Login.aspx -~~	(CONFIRM) https://www.gegridsolutions.com/Passport/Login.aspx - Permissions Required, Vendor Advisory
CPE		cpe:2.3:o:ge:multilin_d60_firmware:::::::: cpe:2.3:o:ge:multilin_n60_firmware:::::::: cpe:2.3:h:ge:multilin_b90:-:::::::* cpe:2.3:o:ge:multilin_c70_firmware:::::::: cpe:2.3:h:ge:multilin_l90:-:::::::* cpe:2.3:o:ge:multilin_d30_firmware:::::::: cpe:2.3:h:ge:multilin_t60:-:::::::* cpe:2.3:o:ge:multilin_b30_firmware:::::::: cpe:2.3:o:ge:multilin_m60_firmware:::::::: cpe:2.3:h:ge:multilin_c30:-:::::::* cpe:2.3:o:ge:multilin_f35_firmware:::::::: cpe:2.3:o:ge:multilin_c60_firmware:::::::: cpe:2.3:h:ge:multilin_c95:-:::::::* cpe:2.3:h:ge:multilin_g30:-:::::::* cpe:2.3:h:ge:multilin_f60:-:::::::* cpe:2.3:h:ge:multilin_c70:-:::::::* cpe:2.3:h:ge:multilin_g60:-:::::::* cpe:2.3:h:ge:multilin_l60:-:::::::* cpe:2.3:h:ge:multilin_m60:-:::::::* cpe:2.3:o:ge:multilin_t35_firmware:::::::: cpe:2.3:h:ge:multilin_t35:-:::::::* cpe:2.3:o:ge:multilin_g30_firmware:::::::: cpe:2.3:h:ge:multilin_n60:-:::::::* cpe:2.3:o:ge:multilin_l90_firmware:::::::: cpe:2.3:h:ge:multilin_d30:-:::::::* cpe:2.3:o:ge:multilin_c95_firmware:::::::: cpe:2.3:h:ge:multilin_c60:-:::::::* cpe:2.3:o:ge:multilin_g60_firmware:::::::: cpe:2.3:o:ge:multilin_l60_firmware:::::::: cpe:2.3:h:ge:multilin_d60:-:::::::* cpe:2.3:o:ge:multilin_t60_firmware:::::::: cpe:2.3:o:ge:multilin_f60_firmware:::::::: cpe:2.3:h:ge:multilin_f35:-:::::::* cpe:2.3:h:ge:multilin_l30:-:::::::* cpe:2.3:o:ge:multilin_l30_firmware:::::::: cpe:2.3:h:ge:multilin_b30:-:::::::* cpe:2.3:o:ge:multilin_b90_firmware:::::::: cpe:2.3:o:ge:multilin_c30_firmware::::::::

23 Mar 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-23 20:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-27420

Mitre link : CVE-2021-27420

CVE.ORG link : CVE-2021-27420

JSON object : View

Products Affected

multilin_c95
multilin_n60_firmware
multilin_n60
multilin_b90
multilin_t35_firmware
multilin_d60
multilin_g60_firmware
multilin_g60
multilin_b30
multilin_l30_firmware
multilin_t35
multilin_l90
multilin_l90_firmware
multilin_f60_firmware
multilin_b30_firmware
multilin_m60_firmware
multilin_b90_firmware
multilin_f35
multilin_g30
multilin_d30
multilin_g30_firmware
multilin_c30
multilin_d30_firmware
multilin_m60
multilin_d60_firmware
multilin_l30
multilin_t60_firmware
multilin_l60_firmware
multilin_t60
multilin_c60
multilin_f60
multilin_c30_firmware
multilin_c60_firmware
multilin_c70_firmware
multilin_f35_firmware
multilin_c70
multilin_l60
multilin_c95_firmware

CWE

CWE-20

Improper Input Validation

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-27420

5.3^/10

5.0^/10

Attach tags to `CVE-2021-27420`