Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIcscertCVE-2021-27418
HistoryMar 23, 2022 - 8:15 p.m.

CVE-2021-27418

2022-03-2320:15:08
CWE-20
CWE-79
icscert
web.nvd.nist.gov
77
cve-2021-27418
ge ur
firmware
web interface
cross-site scripting
xss
html encoding

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

41.5%

JSON

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.

Affected configurations

Nvd
Node
gemultilin_b30Match-
AND
gemultilin_b30_firmwareRange<8.10
Node
gemultilin_b90Match-
AND
gemultilin_b90_firmwareRange<8.10
Node
gemultilin_c60Match-
AND
gemultilin_c60_firmwareRange<8.10
Node
gemultilin_c70Match-
AND
gemultilin_c70_firmwareRange<8.10
Node
gemultilin_c95Match-
AND
gemultilin_c95_firmwareRange<8.10
Node
gemultilin_d30Match-
AND
gemultilin_d30_firmwareRange<8.10
Node
gemultilin_d60Match-
AND
gemultilin_d60_firmwareRange<8.10
Node
gemultilin_f35Match-
AND
gemultilin_f35_firmwareRange<8.10
Node
gemultilin_f60_firmwareRange<8.10
AND
gemultilin_f60Match-
Node
gemultilin_g30_firmwareRange<8.10
AND
gemultilin_g30Match-
Node
gemultilin_g60_firmwareRange<8.10
AND
gemultilin_g60Match-
Node
gemultilin_l30_firmwareRange<8.10
AND
gemultilin_l30Match-
Node
gemultilin_l60_firmwareRange<8.10
AND
gemultilin_l60Match-
Node
gemultilin_l90_firmwareRange<8.10
AND
gemultilin_l90Match-
Node
gemultilin_m60_firmwareRange<8.10
AND
gemultilin_m60Match-
Node
gemultilin_n60_firmwareRange<8.10
AND
gemultilin_n60Match-
Node
gemultilin_t35_firmwareRange<8.10
AND
gemultilin_t35Match-
Node
gemultilin_t60_firmwareRange<8.10
AND
gemultilin_t60Match-
Node
gemultilin_c30_firmwareRange<8.10
AND
gemultilin_c30Match-
VendorProductVersionCPE
gemultilin_b30-cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*
gemultilin_b30_firmware*cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*
gemultilin_b90-cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*
gemultilin_b90_firmware*cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*
gemultilin_c60-cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*
gemultilin_c60_firmware*cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*
gemultilin_c70-cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*
gemultilin_c70_firmware*cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*
gemultilin_c95-cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*
gemultilin_c95_firmware*cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 381

CNA Affected

[
  {
    "product": "UR family",
    "vendor": "GE",
    "versions": [
      {
        "lessThan": "8.1x",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cvelist 1
thn 1
ics 1
prion
prion
Cross site scripting
2022-03-23 20:15:00
nvd
nvd
CVE-2021-27418
2022-03-23 20:15:08
cvelist
cvelist
CVE-2021-27418 GE UR family input validation
2022-03-23 19:46:23
thn
thn
Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities
2021-03-23 11:24:00
ics
ics
GE UR family
2021-03-16 12:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

41.5%

JSON
Related for CVE-2021-27418
prion1nvd1cvelist1thn1ics1