CVE-2021-27420 (GCVE-0-2021-27420)

Vulnerability from cvelistv5 – Published: 2022-03-23 19:46 – Updated: 2025-04-16 16:40
VLAI?
Summary
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
GE UR family Affected: unspecified , < 8.1x (custom)
Create a notification for this product.
Credits
SCADA-X, DOE’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:17.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27420",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:59:13.965738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:40:57.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UR family",
          "vendor": "GE",
          "versions": [
            {
              "lessThan": "8.1x",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "SCADA-X, DOE\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-23T19:46:24.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GE UR family input validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "GE recommends protecting UR IED by using network defense-in-depth practices. This includes, but is not limited to, placing UR IED inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. \n\nGE recommends users refer to the UR Deployment guide for secure configuration of UR IED and system."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-27420",
          "STATE": "PUBLIC",
          "TITLE": "GE UR family input validation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "UR family",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "SCADA-X, DOE\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
            },
            {
              "name": "https://www.gegridsolutions.com/Passport/Login.aspx",
              "refsource": "CONFIRM",
              "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required)."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "GE recommends protecting UR IED by using network defense-in-depth practices. This includes, but is not limited to, placing UR IED inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. \n\nGE recommends users refer to the UR Deployment guide for secure configuration of UR IED and system."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-27420",
    "datePublished": "2022-03-23T19:46:24.000Z",
    "dateReserved": "2021-02-19T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:40:57.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"971B98BB-125D-4D3F-8B54-09C6ECBEFC46\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AEAC84B-ED36-4D41-8CDC-84B30294667F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"F0DD7078-54B7-4908-B041-C389601FFE54\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F9FE28C-1F33-4ECA-9004-B46912A1D8D8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"1A9D29A9-8351-48E0-BFCF-21945F586C51\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F2E81E6-B718-4809-8D30-3074B0FB7239\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFD919B5-753E-40A8-8B14-BD0BA28386C7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"A3506446-AF0D-4AC4-8C0A-5616D27C267B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9226C470-365B-4CFF-B1FF-326EA82E9C16\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"B0E5D2F8-AA89-44E3-9316-E28357E525D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"C86C0AEE-795B-45B1-A917-00A355EC25CD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B66B913C-6D8A-4B5E-92AF-0ABE67195C47\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"D151332D-37C7-4F7B-A30E-EB7F927B905D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"313C6A1D-B50A-40C5-8553-68F21DFEDDDC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"D2E9423B-F49D-4AF7-8275-3216D615F279\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC9965C1-9B3C-4B8A-8643-43678B5A6643\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"2447F208-815E-44D2-91BC-7BFCFC85C977\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20A13929-C8B5-49E0-9F5C-EA443413C584\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"2DE2725C-8778-479D-8743-F62B5763931D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF00D002-3C82-47B1-B585-DB91F33CEECC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"34B1A2B8-B43B-4CCD-886A-0487C09E5279\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F716F53-3AC6-41C6-A894-9712A8AFE58C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BFF5085-6713-41FA-93D5-65AE4C8F8AD1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"E0B3453A-1B71-4ADD-8AC3-5D5436EAD879\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5431E320-7E3A-4BD3-B33A-3345CF20B20D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"80DE8022-6349-4E53-B97B-AFAD1685E40E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2217A440-FADD-40ED-A933-F3DBCF36E116\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"51F57944-8FDB-4541-A6ED-BF6D40916786\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B7B0753-62C7-4972-AD22-FC3E31A5218F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"B97E0654-4407-48CE-BC07-E2385E86B65A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E75BD31-3057-42F4-BD1B-C68C797F39DF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.10\", \"matchCriteriaId\": \"10F68AE0-E4FC-4357-A619-B0B990FDC708\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"314AA92C-5B56-475A-B65F-CF597CEBFB38\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.\"}, {\"lang\": \"es\", \"value\": \"GE UR versiones de firmware anteriores a versi\\u00f3n 8.1x, de la tarea del servidor web no manejan apropiadamente la recepci\\u00f3n de verbos HTTP no admitidos, resultando en que el servidor web deje de responder temporalmente tras recibir una serie de peticiones HTTP no admitidas. Cuando no responde, el servidor web es inaccesible. Por s\\u00ed mismo, esto no es particularmente significativo, ya que el rel\\u00e9 sigue siendo efectivo en todas las dem\\u00e1s funcionalidades y canales de comunicaci\\u00f3n\"}]",
      "id": "CVE-2021-27420",
      "lastModified": "2024-11-21T05:57:57.210",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-03-23T20:15:08.310",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.gegridsolutions.com/Passport/Login.aspx\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.gegridsolutions.com/Passport/Login.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27420\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-03-23T20:15:08.310\",\"lastModified\":\"2024-11-21T05:57:57.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.\"},{\"lang\":\"es\",\"value\":\"GE UR versiones de firmware anteriores a versi\u00f3n 8.1x, de la tarea del servidor web no manejan apropiadamente la recepci\u00f3n de verbos HTTP no admitidos, resultando en que el servidor web deje de responder temporalmente tras recibir una serie de peticiones HTTP no admitidas. Cuando no responde, el servidor web es inaccesible. Por s\u00ed mismo, esto no es particularmente significativo, ya que el rel\u00e9 sigue siendo efectivo en todas las dem\u00e1s funcionalidades y canales de comunicaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"971B98BB-125D-4D3F-8B54-09C6ECBEFC46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AEAC84B-ED36-4D41-8CDC-84B30294667F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"F0DD7078-54B7-4908-B041-C389601FFE54\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F9FE28C-1F33-4ECA-9004-B46912A1D8D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"1A9D29A9-8351-48E0-BFCF-21945F586C51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F2E81E6-B718-4809-8D30-3074B0FB7239\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD919B5-753E-40A8-8B14-BD0BA28386C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"A3506446-AF0D-4AC4-8C0A-5616D27C267B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9226C470-365B-4CFF-B1FF-326EA82E9C16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"B0E5D2F8-AA89-44E3-9316-E28357E525D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"C86C0AEE-795B-45B1-A917-00A355EC25CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B66B913C-6D8A-4B5E-92AF-0ABE67195C47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"D151332D-37C7-4F7B-A30E-EB7F927B905D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"313C6A1D-B50A-40C5-8553-68F21DFEDDDC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"D2E9423B-F49D-4AF7-8275-3216D615F279\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC9965C1-9B3C-4B8A-8643-43678B5A6643\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"2447F208-815E-44D2-91BC-7BFCFC85C977\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A13929-C8B5-49E0-9F5C-EA443413C584\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"2DE2725C-8778-479D-8743-F62B5763931D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF00D002-3C82-47B1-B585-DB91F33CEECC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"34B1A2B8-B43B-4CCD-886A-0487C09E5279\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F716F53-3AC6-41C6-A894-9712A8AFE58C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BFF5085-6713-41FA-93D5-65AE4C8F8AD1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"E0B3453A-1B71-4ADD-8AC3-5D5436EAD879\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5431E320-7E3A-4BD3-B33A-3345CF20B20D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"80DE8022-6349-4E53-B97B-AFAD1685E40E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2217A440-FADD-40ED-A933-F3DBCF36E116\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"51F57944-8FDB-4541-A6ED-BF6D40916786\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7B0753-62C7-4972-AD22-FC3E31A5218F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"B97E0654-4407-48CE-BC07-E2385E86B65A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E75BD31-3057-42F4-BD1B-C68C797F39DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"10F68AE0-E4FC-4357-A619-B0B990FDC708\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314AA92C-5B56-475A-B65F-CF597CEBFB38\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.gegridsolutions.com/Passport/Login.aspx\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.gegridsolutions.com/Passport/Login.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.gegridsolutions.com/Passport/Login.aspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T20:48:17.154Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-27420\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:59:13.965738Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:59:15.471Z\"}}], \"cna\": {\"title\": \"GE UR family input validation\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"SCADA-X, DOE\\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"GE\", \"product\": \"UR family\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.1x\", \"versionType\": \"custom\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required).\"}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.gegridsolutions.com/Passport/Login.aspx\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"GE recommends protecting UR IED by using network defense-in-depth practices. This includes, but is not limited to, placing UR IED inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. \\n\\nGE recommends users refer to the UR Deployment guide for secure configuration of UR IED and system.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-03-23T19:46:24.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"SCADA-X, DOE\\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE.\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"8.1x\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"UR family\"}]}, \"vendor_name\": \"GE\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required).\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.gegridsolutions.com/Passport/Login.aspx\", \"name\": \"https://www.gegridsolutions.com/Passport/Login.aspx\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20 Improper Input Validation\"}]}]}, \"work_around\": [{\"lang\": \"en\", \"value\": \"GE recommends protecting UR IED by using network defense-in-depth practices. This includes, but is not limited to, placing UR IED inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. \\n\\nGE recommends users refer to the UR Deployment guide for secure configuration of UR IED and system.\"}], \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-27420\", \"STATE\": \"PUBLIC\", \"TITLE\": \"GE UR family input validation\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-27420\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:40:57.091Z\", \"dateReserved\": \"2021-02-19T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-03-23T19:46:24.000Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.