Vulnerability-Lookup

CVE-2021-27454 (GCVE-0-2021-27454)

Vulnerability from cvelistv5 – Published: 2021-03-25 19:33 – Updated: 2024-08-03 20:48

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-250 - EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

Assigner

icscert

References

1 reference

URL	Tags
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Reason DR60	Affected: All firmware versions prior to 02A04.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:17.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Reason DR60",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All firmware versions prior to 02A04.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-25T19:33:20.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-27454",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Reason DR60",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All firmware versions prior to 02A04.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-27454",
    "datePublished": "2021-03-25T19:33:20.000Z",
    "dateReserved": "2021-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:48:17.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-27454",
      "date": "2026-06-02",
      "epss": "0.00048",
      "percentile": "0.15286"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:reason_dr60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"02a04.1\", \"matchCriteriaId\": \"86109B55-8EBB-4C76-90C6-755C1469D8B1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:reason_dr60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"095915F9-9B1A-4C1A-8D1F-80379B0B682C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).\"}, {\"lang\": \"es\", \"value\": \"El software lleva a cabo una operaci\\u00f3n en un nivel de privilegio mayor que el nivel m\\u00ednimo requerido, lo que crea nuevas debilidades o amplifica las consecuencias de otras debilidades en el Reason DR60 (todas las versiones de firmware anteriores a 02A04.1)\"}]",
      "id": "CVE-2021-27454",
      "lastModified": "2024-11-21T05:58:01.307",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-03-25T20:15:13.303",
      "references": "[{\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-250\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27454\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2021-03-25T20:15:13.303\",\"lastModified\":\"2024-11-21T05:58:01.307\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).\"},{\"lang\":\"es\",\"value\":\"El software lleva a cabo una operaci\u00f3n en un nivel de privilegio mayor que el nivel m\u00ednimo requerido, lo que crea nuevas debilidades o amplifica las consecuencias de otras debilidades en el Reason DR60 (todas las versiones de firmware anteriores a 02A04.1)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:reason_dr60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"02a04.1\",\"matchCriteriaId\":\"86109B55-8EBB-4C76-90C6-755C1469D8B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:reason_dr60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"095915F9-9B1A-4C1A-8D1F-80379B0B682C\"}]}]}],\"references\":[{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CNVD-2021-24019

Vulnerability from cnvd - Published: 2021-03-31

Title

GE Reason DR60权限不当漏洞

Description

Reason DR60是GE公司推出的一款集中、一体式多功能数字故障记录器（DFR）。 GE Reason DR60 02A04.1之前版本固件存在权限不当漏洞。该漏洞源于该软件以高于所需最低权限的权限水平执行操作。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

GE Reason DR60权限不当漏洞的补丁

Patch Description

Reason DR60是GE公司推出的一款集中、一体式多功能数字故障记录器（DFR）。 GE Reason DR60 02A04.1之前版本固件存在权限不当漏洞。该漏洞源于该软件以高于所需最低权限的权限水平执行操作。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fviewfiles.aspx%3fprod%3dDR60%26type%3d21

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03

Impacted products

Name
GE Reason DR60 <02A04.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-27454",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-27454"
    }
  },
  "description": "Reason DR60\u662fGE\u516c\u53f8\u63a8\u51fa\u7684\u4e00\u6b3e\u96c6\u4e2d\u3001\u4e00\u4f53\u5f0f\u591a\u529f\u80fd\u6570\u5b57\u6545\u969c\u8bb0\u5f55\u5668\uff08DFR\uff09\u3002\n\nGE Reason DR60 02A04.1\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u5b58\u5728\u6743\u9650\u4e0d\u5f53\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u8f6f\u4ef6\u4ee5\u9ad8\u4e8e\u6240\u9700\u6700\u4f4e\u6743\u9650\u7684\u6743\u9650\u6c34\u5e73\u6267\u884c\u64cd\u4f5c\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.gegridsolutions.com/Passport/Login.aspx?ReturnUrl=%2fapp%2fviewfiles.aspx%3fprod%3dDR60%26type%3d21",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-24019",
  "openTime": "2021-03-31",
  "patchDescription": "Reason DR60\u662fGE\u516c\u53f8\u63a8\u51fa\u7684\u4e00\u6b3e\u96c6\u4e2d\u3001\u4e00\u4f53\u5f0f\u591a\u529f\u80fd\u6570\u5b57\u6545\u969c\u8bb0\u5f55\u5668\uff08DFR\uff09\u3002\r\n\r\nGE Reason DR60 02A04.1\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u5b58\u5728\u6743\u9650\u4e0d\u5f53\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u8f6f\u4ef6\u4ee5\u9ad8\u4e8e\u6240\u9700\u6700\u4f4e\u6743\u9650\u7684\u6743\u9650\u6c34\u5e73\u6267\u884c\u64cd\u4f5c\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GE Reason DR60\u6743\u9650\u4e0d\u5f53\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GE Reason DR60 \u003c02A04.1"
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-24",
  "title": "GE Reason DR60\u6743\u9650\u4e0d\u5f53\u6f0f\u6d1e"
}

FKIE_CVE-2021-27454

Vulnerability from fkie_nvd - Published: 2021-03-25 20:15 - Updated: 2024-11-21 05:58

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	ge	reason_dr60_firmware	*
	ge	reason_dr60	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:reason_dr60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86109B55-8EBB-4C76-90C6-755C1469D8B1",
              "versionEndExcluding": "02a04.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:reason_dr60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "095915F9-9B1A-4C1A-8D1F-80379B0B682C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1)."
    },
    {
      "lang": "es",
      "value": "El software lleva a cabo una operaci\u00f3n en un nivel de privilegio mayor que el nivel m\u00ednimo requerido, lo que crea nuevas debilidades o amplifica las consecuencias de otras debilidades en el Reason DR60 (todas las versiones de firmware anteriores a 02A04.1)"
    }
  ],
  "id": "CVE-2021-27454",
  "lastModified": "2024-11-21T05:58:01.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-25T20:15:13.303",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PC3X-H9M3-QRCQ

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-27454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-250",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-25T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).",
  "id": "GHSA-pc3x-h9m3-qrcq",
  "modified": "2022-05-24T17:45:26Z",
  "published": "2022-05-24T17:45:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27454"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-27454

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-27454

Aliases

CVE-2021-27454

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-27454",
    "description": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).",
    "id": "GSD-2021-27454"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-27454"
      ],
      "details": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).",
      "id": "GSD-2021-27454",
      "modified": "2023-12-13T01:23:36.151006Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2021-27454",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Reason DR60",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All firmware versions prior to 02A04.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03",
            "refsource": "MISC",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:reason_dr60_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "02a04.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:reason_dr60:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-27454"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-30T17:21Z",
      "publishedDate": "2021-03-25T20:15Z"
    }
  }
}

ICSA-21-082-03

Vulnerability from csaf_cisa - Published: 2021-03-23 00:00 - Updated: 2021-03-23 00:00

Summary

GE Reason DR60

Notes

CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to take full control of the digital fault recorder (DFR), remotely execute code, or escalate privileges.

Critical infrastructure sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems

Countries/areas deployed: Worldwide

Company headquarters location: United States

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Exploitability: No known public exploits specifically target these vulnerabilities.

CVE-2021-27440

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-259 - Use of Hard-coded Password

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
DR60: all versions prior to 02A04.1 General Electric (GE) / DR60		< 02A04.1	Vendor Fix Vendor Fix Mitigation fix Vendor Fix

CVE-2021-27438

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
DR60: all versions prior to 02A04.1 General Electric (GE) / DR60		< 02A04.1	Vendor Fix Vendor Fix Mitigation fix Vendor Fix

CVE-2021-27454

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-250 - Execution with Unnecessary Privileges

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
DR60: all versions prior to 02A04.1 General Electric (GE) / DR60		< 02A04.1	Vendor Fix Vendor Fix Mitigation fix Vendor Fix

References

11 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://us-cert.cisa.gov/ncas/tips/ST04-014	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external

Acknowledgments

Thales OT Security Team

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Thales OT Security Team",
        "summary": "reporting these vulnerabilities to GE"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to take full control of the digital fault recorder (DFR), remotely execute code, or escalate privileges.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-082-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-082-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-082-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-082-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "GE Reason DR60",
    "tracking": {
      "current_release_date": "2021-03-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-21-082-03",
      "initial_release_date": "2021-03-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-03-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-21-082-03 GE Reason DR60"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 02A04.1",
                "product": {
                  "name": "DR60: all versions prior to 02A04.1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "DR60"
          }
        ],
        "category": "vendor",
        "name": "General Electric (GE)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-27440",
      "cwe": {
        "id": "CWE-259",
        "name": "Use of Hard-coded Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components.CVE-2021-27440 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27440"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "GE recommends DR60 users upgrade to firmware v02A04.1 or higher to correct these vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Instructions on how to upgrade the DR60 firmware and verify its installation are available in the product user\u0027s manual.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See GE publication number: GES-2021-002 for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.gegridsolutions.com/app/viewfiles.aspx?prod=DR60\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "GE recommends DR60 devices be protected using network defense-in-depth practices. This includes, but is not limited to, placing DR60 devices inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. Many electric utilities have deployed cyber security solutions in accordance with the NERC-CIP implementation requirements. Please refer to the product secure deployment guide.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-27438",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The software constructs all or part of a code segment using externally influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.CVE-2021-27438 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27438"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "GE recommends DR60 users upgrade to firmware v02A04.1 or higher to correct these vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Instructions on how to upgrade the DR60 firmware and verify its installation are available in the product user\u0027s manual.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See GE publication number: GES-2021-002 for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.gegridsolutions.com/app/viewfiles.aspx?prod=DR60\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "GE recommends DR60 devices be protected using network defense-in-depth practices. This includes, but is not limited to, placing DR60 devices inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. Many electric utilities have deployed cyber security solutions in accordance with the NERC-CIP implementation requirements. Please refer to the product secure deployment guide.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-27454",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.CVE-2021-27454 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27454"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "GE recommends DR60 users upgrade to firmware v02A04.1 or higher to correct these vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Instructions on how to upgrade the DR60 firmware and verify its installation are available in the product user\u0027s manual.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See GE publication number: GES-2021-002 for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.gegridsolutions.com/app/viewfiles.aspx?prod=DR60\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "GE recommends DR60 devices be protected using network defense-in-depth practices. This includes, but is not limited to, placing DR60 devices inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. Many electric utilities have deployed cyber security solutions in accordance with the NERC-CIP implementation requirements. Please refer to the product secure deployment guide.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-202103-0916

Vulnerability from variot - Updated: 2023-12-18 12:42

The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). General Electric Provided by the company MU320E The following multiple vulnerabilities exist in. * Use hard-coded passwords (CWE-259) - CVE-2021-27452 ‥ * Execution with unnecessary privileges (CWE-250) - CVE-2021-27448 ‥ * Inadequate encryption strength (CWE-326) - CVE-2021-27450General Electric Provided by the company Reason DR60 The following multiple vulnerabilities exist in. * Use hard-coded passwords (CWE-259) - CVE-2021-27440 ‥ * Code injection (CWE-94) - CVE-2021-27438 ‥ * Execution with unnecessary privileges (CWE-250) - CVE-2021-27454The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party uses hard-coded credentials to control the merging unit - CVE-2021-27452 ‥ * Elevated to privilege by a third party who has access to the device - CVE-2021-27448 ‥ * SSH Insufficient cryptographic strength of the protocol can lead to further improper configuration or use as a springboard for other attacks. - CVE-2021-27450 ‥ * Hard-coded credentials are used by remote third parties to be fraudulently authenticated or communicated with external components. - CVE-2021-27440 ‥ * Malicious input is made by a remote third party to change the syntax or behavior of the code segment. - CVE-2021-27438 ‥ * Because the software operates at an unnecessary privilege level, other vulnerabilities may occur or the effects of other vulnerabilities may increase. - CVE-2021-27454. Reason DR60 is a centralized, integrated multifunctional digital fault recorder (DFR) launched by GE.

GE Reason DR60 firmware before 02A04.1 has a permission improper vulnerability. No detailed vulnerability details are currently provided

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0916",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "reason dr60",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ge",
        "version": "02a04.1"
      },
      {
        "model": "mu320e",
        "scope": null,
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "reason dr60",
        "scope": null,
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "reason dr60 \u003c02a04.1",
        "scope": null,
        "trust": 0.6,
        "vendor": "ge",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:reason_dr60_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "02a04.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:reason_dr60:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      }
    ]
  },
  "cve": "CVE-2021-27454",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2021-24019",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-27454",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001291",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001291",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 3.8,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001291",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001291",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001291",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2021-001291",
            "trust": 2.4,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001291",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-27454",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001291",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-24019",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202103-1365",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-27454",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). General Electric Provided by the company MU320E The following multiple vulnerabilities exist in. * Use hard-coded passwords (CWE-259) - CVE-2021-27452 \u2025 * Execution with unnecessary privileges (CWE-250) - CVE-2021-27448 \u2025 * Inadequate encryption strength (CWE-326) - CVE-2021-27450General Electric Provided by the company Reason DR60 The following multiple vulnerabilities exist in. * Use hard-coded passwords (CWE-259) - CVE-2021-27440 \u2025 * Code injection (CWE-94) - CVE-2021-27438 \u2025 * Execution with unnecessary privileges (CWE-250) - CVE-2021-27454The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party uses hard-coded credentials to control the merging unit - CVE-2021-27452 \u2025 * Elevated to privilege by a third party who has access to the device - CVE-2021-27448 \u2025 * SSH Insufficient cryptographic strength of the protocol can lead to further improper configuration or use as a springboard for other attacks. - CVE-2021-27450 \u2025 * Hard-coded credentials are used by remote third parties to be fraudulently authenticated or communicated with external components. - CVE-2021-27440 \u2025 * Malicious input is made by a remote third party to change the syntax or behavior of the code segment. - CVE-2021-27438 \u2025 * Because the software operates at an unnecessary privilege level, other vulnerabilities may occur or the effects of other vulnerabilities may increase. - CVE-2021-27454. Reason DR60 is a centralized, integrated multifunctional digital fault recorder (DFR) launched by GE. \n\r\n\r\nGE Reason DR60 firmware before 02A04.1 has a permission improper vulnerability. No detailed vulnerability details are currently provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27454"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-27454",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-082-03",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-082-02",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98539192",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1005",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27454",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ]
  },
  "id": "VAR-202103-0916",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      }
    ],
    "trust": 1.31428573
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:42:30.993000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "GES-2021-002 (Login required)  General\u00a0Electric",
        "trust": 0.8,
        "url": "https://www.gegridsolutions.com/app/viewfiles.aspx?prod=dr60\u0026type=21"
      },
      {
        "title": "Patch for GE Reason DR60 Improper Permission Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/255301"
      },
      {
        "title": "Grid Solutions GE Reason DR60 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=145530"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      },
      {
        "problemtype": "Execution with unnecessary privileges (CWE-250) [IPA Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Use hard-coded passwords (CWE-259) [IPA Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inadequate encryption strength (CWE-326) [IPA Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Code injection (CWE-94) [IPA Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu98539192"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1005"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/269.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "date": "2021-03-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-27454"
      },
      {
        "date": "2021-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "date": "2021-03-25T20:15:13.303000",
        "db": "NVD",
        "id": "CVE-2021-27454"
      },
      {
        "date": "2021-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-24019"
      },
      {
        "date": "2021-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-27454"
      },
      {
        "date": "2021-03-25T07:23:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      },
      {
        "date": "2021-03-30T17:21:04.840000",
        "db": "NVD",
        "id": "CVE-2021-27454"
      },
      {
        "date": "2021-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0General\u00a0Electric\u00a0 Multiple vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001291"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1365"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-27454 (GCVE-0-2021-27454)

CNVD-2021-24019

FKIE_CVE-2021-27454

GHSA-PC3X-H9M3-QRCQ

GSD-2021-27454

ICSA-21-082-03

VAR-202103-0916

Tags

Sightings

Nomenclature