19 matches found
CVE-2021-27418
GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, the UR firmware web server does not perform HTM...
CVE-2021-27422
In GE UR firmware versions prior to version 8.1x, the web server interface is supported on UR over the HTTP protocol. It allows sensitive information exposure without authentication...
EUVD-2021-14178
Malware in sbrugna...
CVE-2021-27424
GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information...
CVE-2021-27420
In GE UR firmware versions prior to version 8.1x, the web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
CVE-2021-27420
In GE UR firmware versions prior to version 8.1x, the web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
CVE-2021-27422
In GE UR firmware versions prior to version 8.1x, the web server interface is supported on UR over the HTTP protocol. It allows sensitive information exposure without authentication...
CVE-2021-27420
In GE UR firmware versions prior to version 8.1x, the web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
CVE-2021-27418
GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, the UR firmware web server does not perform HTM...
CVE-2021-27424
GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information...
CVE-2021-27424
GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information...
Cross site scripting
GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, the UR firmware web server does not perform HTM...
CVE-2021-27422
GE UR firmware 8.1x or later mitigates a vulnerability (CVE-2021-27422) where the web server interface, exposed over HTTP, can disclose sensitive information without authentication. Affected: GE UR family relays with prior-to-8.1x web server. Root cause: HTTP web server exposure allowing unauthen...
CVE-2021-27424
GE UR family devices running firmware prior to 8.1x expose a Last-key pressed MODBUS register that can disclose unauthorized information. The issue affects UR firmware versions before 8.1x (web server, MODBUS memory map exposure as part of the communications guide) and is reflected in CVE-2021-27...
CVE-2021-27424 GE UR family exposure of sensitive information to an unauthorized actor
GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information...
CVE-2021-27420
CVE-2021-27420 affects GE UR firmware prior to 8.1x, where the web server improperly handles unsupported HTTP verbs, causing the web server to become temporarily unresponsive though the relay remains functional. The vulnerability is documented across multiple connected sources (e.g., Nessus plugi...
CVE-2021-27420 GE UR family input validation
In GE UR firmware versions prior to version 8.1x, the web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
CVE-2021-27418 GE UR family input validation
GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, the UR firmware web server does not perform HTM...
PT-2022-9814 · Ge · Ge Ur
Name of the Vulnerable Software and Affected Versions: GE UR firmware versions prior to 8.1x
Description: The issue allows sensitive information exposure without authentication. This occurs because the web server interface is supported over the HTTP protocol.
Recommendations: For GE UR firmware...