fkie_nvd - fkie_cve-2021-27426

fkie_cve-2021-27426

Vulnerability from fkie_nvd

Published

2022-03-23 20:15

Modified

2024-11-21 05:57

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

References

URL	Tags
ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02	Mitigation, Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://www.gegridsolutions.com/Passport/Login.aspx	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.gegridsolutions.com/Passport/Login.aspx	Permissions Required, Vendor Advisory

Impacted products

Vendor	Product	Version
ge	multilin_b30_firmware	*
ge	multilin_b30	-
ge	multilin_b90_firmware	*
ge	multilin_b90	-
ge	multilin_c60_firmware	*
ge	multilin_c60	-
ge	multilin_c70_firmware	*
ge	multilin_c70	-
ge	multilin_c95_firmware	*
ge	multilin_c95	-
ge	multilin_d30_firmware	*
ge	multilin_d30	-
ge	multilin_d60_firmware	*
ge	multilin_d60	-
ge	multilin_f35_firmware	*
ge	multilin_f35	-
ge	multilin_f60_firmware	*
ge	multilin_f60	-
ge	multilin_g30_firmware	*
ge	multilin_g30	-
ge	multilin_g60_firmware	*
ge	multilin_g60	-
ge	multilin_l30_firmware	*
ge	multilin_l30	-
ge	multilin_l60_firmware	*
ge	multilin_l60	-
ge	multilin_l90_firmware	*
ge	multilin_l90	-
ge	multilin_m60_firmware	*
ge	multilin_m60	-
ge	multilin_n60_firmware	*
ge	multilin_n60	-
ge	multilin_t35_firmware	*
ge	multilin_t35	-
ge	multilin_t60_firmware	*
ge	multilin_t60	-
ge	multilin_c30_firmware	*
ge	multilin_c30	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "971B98BB-125D-4D3F-8B54-09C6ECBEFC46",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AEAC84B-ED36-4D41-8CDC-84B30294667F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0DD7078-54B7-4908-B041-C389601FFE54",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F9FE28C-1F33-4ECA-9004-B46912A1D8D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9D29A9-8351-48E0-BFCF-21945F586C51",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F2E81E6-B718-4809-8D30-3074B0FB7239",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD919B5-753E-40A8-8B14-BD0BA28386C7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3506446-AF0D-4AC4-8C0A-5616D27C267B",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9226C470-365B-4CFF-B1FF-326EA82E9C16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E5D2F8-AA89-44E3-9316-E28357E525D8",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C86C0AEE-795B-45B1-A917-00A355EC25CD",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66B913C-6D8A-4B5E-92AF-0ABE67195C47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D151332D-37C7-4F7B-A30E-EB7F927B905D",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "313C6A1D-B50A-40C5-8553-68F21DFEDDDC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E9423B-F49D-4AF7-8275-3216D615F279",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC9965C1-9B3C-4B8A-8643-43678B5A6643",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2447F208-815E-44D2-91BC-7BFCFC85C977",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A13929-C8B5-49E0-9F5C-EA443413C584",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE2725C-8778-479D-8743-F62B5763931D",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF00D002-3C82-47B1-B585-DB91F33CEECC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B1A2B8-B43B-4CCD-886A-0487C09E5279",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F716F53-3AC6-41C6-A894-9712A8AFE58C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFF5085-6713-41FA-93D5-65AE4C8F8AD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0B3453A-1B71-4ADD-8AC3-5D5436EAD879",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5431E320-7E3A-4BD3-B33A-3345CF20B20D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DE8022-6349-4E53-B97B-AFAD1685E40E",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2217A440-FADD-40ED-A933-F3DBCF36E116",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F57944-8FDB-4541-A6ED-BF6D40916786",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7B0753-62C7-4972-AD22-FC3E31A5218F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97E0654-4407-48CE-BC07-E2385E86B65A",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E75BD31-3057-42F4-BD1B-C68C797F39DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F68AE0-E4FC-4357-A619-B0B990FDC708",
              "versionEndExcluding": "8.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "314AA92C-5B56-475A-B65F-CF597CEBFB38",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GE UR IED firmware versions prior to version 8.1x with \u201cBasic\u201d security variant does not allow the disabling of the \u201cFactory Mode,\u201d which is used for servicing the IED by a \u201cFactory\u201d user."
    },
    {
      "lang": "es",
      "value": "GE UR IED versiones de firmware anteriores a versi\u00f3n 8.1x con la variante de seguridad \"Basic\" no permiten deshabilitar el \"Factory Mode\", que es usado para el mantenimiento del IED por parte de un usuario \"Factory\""
    }
  ],
  "id": "CVE-2021-27426",
  "lastModified": "2024-11-21T05:57:57.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-23T20:15:08.473",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://www.gegridsolutions.com/Passport/Login.aspx"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-453"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-27426 (GCVE-0-2021-27426)

Vulnerability from cvelistv5

Published

2022-03-23 19:46

Modified

2025-04-16 16:40

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-453 - Insecure Default Variable Initialization