37 matches found

RedhatCVE
added 2026/01/09 9:21 a.m. | 9 views

CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

CVSS 6.1 | AI score 6.2 | EPSS 0.00585
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 8 views

CVE-2021-27430

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...

CVSS 8.4 | AI score 6.6 | EPSS 0.00239
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 5 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5 | AI score 6.6 | EPSS 0.00641
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 5 views

CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

CVSS 9.8 | AI score 7 | EPSS 0.01163
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 4 views

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

CVSS 9.8 | AI score 6.9 | EPSS 0.01163
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-14178

Malware in sbrugna...

CVSS 5.3 | AI score 5.7 | EPSS 0.00844
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-14174

Malware in sbrugna...

CVSS 5.3 | AI score 5.7 | EPSS 0.0102
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 9:10 p.m. | 10 views

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

CVSS 5.3 | AI score 7.1 | EPSS 0.00844
Exploits: 0

RedhatCVE
added 2025/05/22 7:31 p.m. | 7 views

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

CVSS 5.3 | AI score 7 | EPSS 0.0102
Exploits: 0

NVD
added 2022/03/23 8:15 p.m. | 25 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5 | EPSS 0.00641
Exploits: 0 | References: 2

NVD
added 2022/03/23 8:15 p.m. | 22 views

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

CVSS 9.8 | EPSS 0.01163
Exploits: 0 | References: 2

OSV
added 2022/03/23 8:15 p.m. | 3 views

CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

CVSS 6.1 | AI score 6.5 | EPSS 0.00585
Exploits: 0 | References: 2

NVD
added 2022/03/23 8:15 p.m. | 16 views

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

CVSS 5.3 | EPSS 0.0102
Exploits: 0 | References: 2

NVD
added 2022/03/23 8:15 p.m. | 18 views

CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

CVSS 9.8 | EPSS 0.01163
Exploits: 0 | References: 2

OSV
added 2022/03/23 8:15 p.m. | 5 views

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

CVSS 5.3 | AI score 6.2 | EPSS 0.00844
Exploits: 0 | References: 2

OSV
added 2022/03/23 8:15 p.m. | 4 views

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

CVSS 5.3 | AI score 6.4 | EPSS 0.0102
Exploits: 0 | References: 2

Prion
added 2022/03/23 8:15 p.m. | 21 views

Information disclosure

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

CVSS 5 | AI score 6.5 | EPSS 0.00844
Exploits: 0 | References: 2 | Affected Software: 19

Prion
added 2022/03/23 8:15 p.m. | 24 views

Hardcoded credentials

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...

CVSS 4.6 | AI score 7.1 | EPSS 0.00239
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/03/23 8:15 p.m. | 18 views

Code injection

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

CVSS 7.5 | AI score 9.4 | EPSS 0.01163
Exploits: 0 | References: 2 | Affected Software: 19

Cvelist
added 2022/03/23 7:46 p.m. | 22 views

CVE-2021-27422 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5 | AI score 7.6 | EPSS 0.00641
Exploits: 0 | References: 2