cve-2021-27420
Vulnerability from cvelistv5
Published
2022-03-23 19:46
Modified
2024-08-03 20:48
Summary
GE UR family input validation
References
ics-cert@hq.dhs.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02Mitigation, Third Party Advisory, US Government Resource
ics-cert@hq.dhs.govhttps://www.gegridsolutions.com/Passport/Login.aspxPermissions Required, Vendor Advisory
Impacted products
GEUR family
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:17.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UR family",
          "vendor": "GE",
          "versions": [
            {
              "lessThan": "8.1x",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "SCADA-X, DOE\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-23T19:46:24",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GE UR family input validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "GE recommends protecting UR IED by using network defense-in-depth practices. This includes, but is not limited to, placing UR IED inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. \n\nGE recommends users refer to the UR Deployment guide for secure configuration of UR IED and system."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-27420",
          "STATE": "PUBLIC",
          "TITLE": "GE UR family input validation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "UR family",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "SCADA-X, DOE\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, Verve Industrial, and VuMetric reported these vulnerabilities to GE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
            },
            {
              "name": "https://www.gegridsolutions.com/Passport/Login.aspx",
              "refsource": "CONFIRM",
              "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required)."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "GE recommends protecting UR IED by using network defense-in-depth practices. This includes, but is not limited to, placing UR IED inside the control system network security perimeter, and having access controls, monitoring (such as an Intrusion Detection System), and other mitigating technologies in place. \n\nGE recommends users refer to the UR Deployment guide for secure configuration of UR IED and system."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-27420",
    "datePublished": "2022-03-23T19:46:24",
    "dateReserved": "2021-02-19T00:00:00",
    "dateUpdated": "2024-08-03T20:48:17.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27420\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-03-23T20:15:08.310\",\"lastModified\":\"2022-04-01T18:25:19.887\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.\"},{\"lang\":\"es\",\"value\":\"GE UR versiones de firmware anteriores a versi\u00f3n 8.1x, de la tarea del servidor web no manejan apropiadamente la recepci\u00f3n de verbos HTTP no admitidos, resultando en que el servidor web deje de responder temporalmente tras recibir una serie de peticiones HTTP no admitidas. Cuando no responde, el servidor web es inaccesible. Por s\u00ed mismo, esto no es particularmente significativo, ya que el rel\u00e9 sigue siendo efectivo en todas las dem\u00e1s funcionalidades y canales de comunicaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"971B98BB-125D-4D3F-8B54-09C6ECBEFC46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AEAC84B-ED36-4D41-8CDC-84B30294667F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"F0DD7078-54B7-4908-B041-C389601FFE54\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F9FE28C-1F33-4ECA-9004-B46912A1D8D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"1A9D29A9-8351-48E0-BFCF-21945F586C51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F2E81E6-B718-4809-8D30-3074B0FB7239\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD919B5-753E-40A8-8B14-BD0BA28386C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"A3506446-AF0D-4AC4-8C0A-5616D27C267B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9226C470-365B-4CFF-B1FF-326EA82E9C16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"B0E5D2F8-AA89-44E3-9316-E28357E525D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"C86C0AEE-795B-45B1-A917-00A355EC25CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B66B913C-6D8A-4B5E-92AF-0ABE67195C47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"D151332D-37C7-4F7B-A30E-EB7F927B905D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"313C6A1D-B50A-40C5-8553-68F21DFEDDDC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"D2E9423B-F49D-4AF7-8275-3216D615F279\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC9965C1-9B3C-4B8A-8643-43678B5A6643\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"2447F208-815E-44D2-91BC-7BFCFC85C977\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A13929-C8B5-49E0-9F5C-EA443413C584\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"2DE2725C-8778-479D-8743-F62B5763931D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF00D002-3C82-47B1-B585-DB91F33CEECC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"34B1A2B8-B43B-4CCD-886A-0487C09E5279\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F716F53-3AC6-41C6-A894-9712A8AFE58C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BFF5085-6713-41FA-93D5-65AE4C8F8AD1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"E0B3453A-1B71-4ADD-8AC3-5D5436EAD879\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5431E320-7E3A-4BD3-B33A-3345CF20B20D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"80DE8022-6349-4E53-B97B-AFAD1685E40E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2217A440-FADD-40ED-A933-F3DBCF36E116\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"51F57944-8FDB-4541-A6ED-BF6D40916786\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7B0753-62C7-4972-AD22-FC3E31A5218F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"B97E0654-4407-48CE-BC07-E2385E86B65A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E75BD31-3057-42F4-BD1B-C68C797F39DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.10\",\"matchCriteriaId\":\"10F68AE0-E4FC-4357-A619-B0B990FDC708\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314AA92C-5B56-475A-B65F-CF597CEBFB38\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.gegridsolutions.com/Passport/Login.aspx\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.