FKIE_CVE-2021-27424
Vulnerability from fkie_nvd - Published: 2022-03-23 20:15 - Updated: 2024-11-21 05:57
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation, Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971B98BB-125D-4D3F-8B54-09C6ECBEFC46",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEAC84B-ED36-4D41-8CDC-84B30294667F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DD7078-54B7-4908-B041-C389601FFE54",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9FE28C-1F33-4ECA-9004-B46912A1D8D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9D29A9-8351-48E0-BFCF-21945F586C51",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2E81E6-B718-4809-8D30-3074B0FB7239",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD919B5-753E-40A8-8B14-BD0BA28386C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3506446-AF0D-4AC4-8C0A-5616D27C267B",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9226C470-365B-4CFF-B1FF-326EA82E9C16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E5D2F8-AA89-44E3-9316-E28357E525D8",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86C0AEE-795B-45B1-A917-00A355EC25CD",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66B913C-6D8A-4B5E-92AF-0ABE67195C47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D151332D-37C7-4F7B-A30E-EB7F927B905D",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "313C6A1D-B50A-40C5-8553-68F21DFEDDDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E9423B-F49D-4AF7-8275-3216D615F279",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9965C1-9B3C-4B8A-8643-43678B5A6643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2447F208-815E-44D2-91BC-7BFCFC85C977",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20A13929-C8B5-49E0-9F5C-EA443413C584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE2725C-8778-479D-8743-F62B5763931D",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF00D002-3C82-47B1-B585-DB91F33CEECC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B1A2B8-B43B-4CCD-886A-0487C09E5279",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F716F53-3AC6-41C6-A894-9712A8AFE58C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF5085-6713-41FA-93D5-65AE4C8F8AD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3453A-1B71-4ADD-8AC3-5D5436EAD879",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5431E320-7E3A-4BD3-B33A-3345CF20B20D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80DE8022-6349-4E53-B97B-AFAD1685E40E",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2217A440-FADD-40ED-A933-F3DBCF36E116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F57944-8FDB-4541-A6ED-BF6D40916786",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B0753-62C7-4972-AD22-FC3E31A5218F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B97E0654-4407-48CE-BC07-E2385E86B65A",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E75BD31-3057-42F4-BD1B-C68C797F39DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F68AE0-E4FC-4357-A619-B0B990FDC708",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "314AA92C-5B56-475A-B65F-CF597CEBFB38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a \u201cLast-key pressed\u201d MODBUS register can be used to gain unauthorized information."
},
{
"lang": "es",
"value": "GE UR versiones de firmware anteriores a versi\u00f3n 8.1x, comparten el mapa de memoria MODBUS como parte de la gu\u00eda de comunicaciones. GE se dio cuenta de que un registro MODBUS de \"\u00faltima tecla pulsada\" puede usarse para obtener informaci\u00f3n no autorizada"
}
],
"id": "CVE-2021-27424",
"lastModified": "2024-11-21T05:57:57.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-23T20:15:08.417",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.gegridsolutions.com/Passport/Login.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.gegridsolutions.com/Passport/Login.aspx"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…