{ "id": "CVE-2021-27428", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2022-03-23T20:15:08.527", "lastModified": "2024-11-21T05:57:58.207", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool \u2013 Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10." }, { "lang": "es", "value": "IED GE UR versiones de firmware anteriores a versi\u00f3n 8.1x, admiten la actualizaci\u00f3n del firmware mediante la herramienta de configuraci\u00f3n UR Setup - Enervista UR Setup. Esta herramienta UR Setup comprueba la autenticidad e integridad del archivo de firmware antes de cargar el IED UR. Un usuario no leg\u00edtimo podr\u00eda actualizar el firmware sin privilegios apropiados. Ha sido evaluada la debilidad y ha sido implementada una mitigaci\u00f3n en versi\u00f3n 8.10 del firmware" } ], "metrics": { "cvssMetricV31": [ { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-434" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-434" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "971B98BB-125D-4D3F-8B54-09C6ECBEFC46" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AEAC84B-ED36-4D41-8CDC-84B30294667F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "F0DD7078-54B7-4908-B041-C389601FFE54" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F9FE28C-1F33-4ECA-9004-B46912A1D8D8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "1A9D29A9-8351-48E0-BFCF-21945F586C51" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F2E81E6-B718-4809-8D30-3074B0FB7239" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFD919B5-753E-40A8-8B14-BD0BA28386C7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "A3506446-AF0D-4AC4-8C0A-5616D27C267B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*", "matchCriteriaId": "9226C470-365B-4CFF-B1FF-326EA82E9C16" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "B0E5D2F8-AA89-44E3-9316-E28357E525D8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "C86C0AEE-795B-45B1-A917-00A355EC25CD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66B913C-6D8A-4B5E-92AF-0ABE67195C47" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "D151332D-37C7-4F7B-A30E-EB7F927B905D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*", "matchCriteriaId": "313C6A1D-B50A-40C5-8553-68F21DFEDDDC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "D2E9423B-F49D-4AF7-8275-3216D615F279" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC9965C1-9B3C-4B8A-8643-43678B5A6643" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "2447F208-815E-44D2-91BC-7BFCFC85C977" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*", "matchCriteriaId": "20A13929-C8B5-49E0-9F5C-EA443413C584" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "2DE2725C-8778-479D-8743-F62B5763931D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF00D002-3C82-47B1-B585-DB91F33CEECC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "34B1A2B8-B43B-4CCD-886A-0487C09E5279" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F716F53-3AC6-41C6-A894-9712A8AFE58C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BFF5085-6713-41FA-93D5-65AE4C8F8AD1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "E0B3453A-1B71-4ADD-8AC3-5D5436EAD879" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*", "matchCriteriaId": "5431E320-7E3A-4BD3-B33A-3345CF20B20D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "80DE8022-6349-4E53-B97B-AFAD1685E40E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*", "matchCriteriaId": "2217A440-FADD-40ED-A933-F3DBCF36E116" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "51F57944-8FDB-4541-A6ED-BF6D40916786" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7B0753-62C7-4972-AD22-FC3E31A5218F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "B97E0654-4407-48CE-BC07-E2385E86B65A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E75BD31-3057-42F4-BD1B-C68C797F39DF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.10", "matchCriteriaId": "10F68AE0-E4FC-4357-A619-B0B990FDC708" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*", "matchCriteriaId": "314AA92C-5B56-475A-B65F-CF597CEBFB38" } ] } ] } ], "references": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02", "source": "ics-cert@hq.dhs.gov", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url": "https://www.gegridsolutions.com/Passport/Login.aspx", "source": "ics-cert@hq.dhs.gov", "tags": [ "Permissions Required", "Vendor Advisory" ] }, { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url": "https://www.gegridsolutions.com/Passport/Login.aspx", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ] } ] }