ghsa-f7x4-vpfj-xmrc
Vulnerability from github
Published
2022-03-24 00:00
Modified
2022-04-02 00:00
Severity
Details
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.
{ "affected": [], "aliases": [ "CVE-2021-27428" ], "database_specific": { "cwe_ids": [ "CWE-434" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-03-23T20:15:00Z", "severity": "CRITICAL" }, "details": "GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool \u2013 Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.", "id": "GHSA-f7x4-vpfj-xmrc", "modified": "2022-04-02T00:00:31Z", "published": "2022-03-24T00:00:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27428" }, { "type": "WEB", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02" }, { "type": "WEB", "url": "https://www.gegridsolutions.com/Passport/Login.aspx" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading...