fkie_cve-2021-27420
Vulnerability from fkie_nvd
Published
2022-03-23 20:15
Modified
2024-11-21 05:57
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation, Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971B98BB-125D-4D3F-8B54-09C6ECBEFC46",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEAC84B-ED36-4D41-8CDC-84B30294667F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DD7078-54B7-4908-B041-C389601FFE54",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9FE28C-1F33-4ECA-9004-B46912A1D8D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9D29A9-8351-48E0-BFCF-21945F586C51",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2E81E6-B718-4809-8D30-3074B0FB7239",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD919B5-753E-40A8-8B14-BD0BA28386C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3506446-AF0D-4AC4-8C0A-5616D27C267B",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9226C470-365B-4CFF-B1FF-326EA82E9C16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E5D2F8-AA89-44E3-9316-E28357E525D8",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86C0AEE-795B-45B1-A917-00A355EC25CD",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66B913C-6D8A-4B5E-92AF-0ABE67195C47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D151332D-37C7-4F7B-A30E-EB7F927B905D",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "313C6A1D-B50A-40C5-8553-68F21DFEDDDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E9423B-F49D-4AF7-8275-3216D615F279",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9965C1-9B3C-4B8A-8643-43678B5A6643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2447F208-815E-44D2-91BC-7BFCFC85C977",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20A13929-C8B5-49E0-9F5C-EA443413C584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE2725C-8778-479D-8743-F62B5763931D",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF00D002-3C82-47B1-B585-DB91F33CEECC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B1A2B8-B43B-4CCD-886A-0487C09E5279",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F716F53-3AC6-41C6-A894-9712A8AFE58C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF5085-6713-41FA-93D5-65AE4C8F8AD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3453A-1B71-4ADD-8AC3-5D5436EAD879",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5431E320-7E3A-4BD3-B33A-3345CF20B20D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80DE8022-6349-4E53-B97B-AFAD1685E40E",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2217A440-FADD-40ED-A933-F3DBCF36E116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F57944-8FDB-4541-A6ED-BF6D40916786",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B0753-62C7-4972-AD22-FC3E31A5218F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B97E0654-4407-48CE-BC07-E2385E86B65A",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E75BD31-3057-42F4-BD1B-C68C797F39DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F68AE0-E4FC-4357-A619-B0B990FDC708",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "314AA92C-5B56-475A-B65F-CF597CEBFB38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels."
},
{
"lang": "es",
"value": "GE UR versiones de firmware anteriores a versi\u00f3n 8.1x, de la tarea del servidor web no manejan apropiadamente la recepci\u00f3n de verbos HTTP no admitidos, resultando en que el servidor web deje de responder temporalmente tras recibir una serie de peticiones HTTP no admitidas. Cuando no responde, el servidor web es inaccesible. Por s\u00ed mismo, esto no es particularmente significativo, ya que el rel\u00e9 sigue siendo efectivo en todas las dem\u00e1s funcionalidades y canales de comunicaci\u00f3n"
}
],
"id": "CVE-2021-27420",
"lastModified": "2024-11-21T05:57:57.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-23T20:15:08.310",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.gegridsolutions.com/Passport/Login.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.gegridsolutions.com/Passport/Login.aspx"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…