Lucene search
K

128 matches found

CVE
CVE
added 2022/03/23 7:46 p.m.98 views

CVE-2021-27426

CVE-2021-27426 affects GE UR family UR IEDs; prior to firmware 8.1x with Basic security, the device does not allow disabling Factory Mode, enabling servicing by factory users. Root cause is an insecure default variable initialization (CWE-453). Impact per sources includes potential bypass of acce...

9.8CVSS9.6AI score0.01163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.25 views

CVE-2021-27426 GE UR family insecure default variable initialization

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

9.8CVSS9.6AI score0.01163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.6 views

CVE-2021-27430 GE UR family hardcoded credentials

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...

8.4CVSS8.2AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.99 views

CVE-2021-27430

GE UR bootloader binary versions 7.00–7.02 include unused hardcoded credentials. With physical access to the UR Intelligent Electronic Device, an attacker can interrupt the boot sequence by rebooting the UR. The issue is fixed by upgrading UR firmware to 8.10 or newer (GE publication GES-2021-004...

8.4CVSS7.2AI score0.00239EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.29 views

CVE-2021-27430 GE UR family hardcoded credentials

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...

8.4CVSS8.3AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.10 views

CVE-2021-27424 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

5.3CVSS5.4AI score0.00844EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.5 views

CVE-2021-27428 GE UR family Unrestricted Upload of File with Dangerous Type

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

9.8CVSS9.4AI score0.01163EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.99 views

CVE-2021-27428

CVE-2021-27428 affects GE UR family UR IED firmware prior to 8.1x, where the UR Setup (Enervista UR Setup) firmware upgrade flow does not enforce appropriate privileges, allowing an illegitimate user to upgrade firmware. The weakness centers on Unrestricted Upload of a Dangerous Type; the vulnera...

9.8CVSS9.5AI score0.01163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.29 views

CVE-2021-27424 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

5.3CVSS5.7AI score0.00844EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.31 views

CVE-2021-27428 GE UR family Unrestricted Upload of File with Dangerous Type

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

9.8CVSS9.6AI score0.01163EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.122 views

CVE-2021-27424

GE UR family devices running firmware prior to 8.1x expose a Last-key pressed MODBUS register that can disclose unauthorized information. The issue affects UR firmware versions before 8.1x (web server, MODBUS memory map exposure as part of the communications guide) and is reflected in CVE-2021-27...

5.3CVSS5.8AI score0.00844EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.8 views

CVE-2021-27420 GE UR family input validation

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

5.3CVSS5.3AI score0.0102EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.17 views

CVE-2021-27420 GE UR family input validation

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

5.3CVSS5.6AI score0.0102EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.106 views

CVE-2021-27420

CVE-2021-27420 affects GE UR firmware prior to 8.1x, where the web server improperly handles unsupported HTTP verbs, causing the web server to become temporarily unresponsive though the relay remains functional. The vulnerability is documented across multiple connected sources (e.g., Nessus plugi...

5.3CVSS5.8AI score0.0102EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.11 views

CVE-2021-27418 GE UR family input validation

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

5.3CVSS6AI score0.00585EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.21 views

CVE-2021-27418 GE UR family input validation

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

5.3CVSS6.2AI score0.00585EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.104 views

CVE-2021-27418

GE UR firmware prior to 8.1x exposes a web interface with read‑only access that does not properly validate user input and fails to HTML-encode user-supplied strings, enabling cross‑site scripting (CVE-2021-27418). Red Hat, NVD/NIST, and ICS references corroborate a web server input‑validation wea...

6.1CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/23 12:0 a.m.5 views

PT-2022-9814 · Ge · Ge Ur

Name of the Vulnerable Software and Affected Versions: GE UR firmware versions prior to 8.1x Description: The issue allows sensitive information exposure without authentication. This occurs because the web server interface is supported over the HTTP protocol. Recommendations: For GE UR firmware...

7.5CVSS6.1AI score0.00641EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2021/09/26 3:33 p.m.16 views

ur-biowooeb.cirad.fr Cross Site Scripting vulnerability OBB-2150011

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
ThreatPost
ThreatPost
added 2021/03/22 8:39 p.m.61 views

CISA Warns of Security Flaws in GE Power Management Devices

The U.S. Cybersecurity & Infrastructure Security Agency CISA is warning of critical-severity security flaws in GE’s Universal Relay UR family of power management devices. GE’s UR devices are the “basis of simplified power management for the protection of critical assets,” according to the company...

0.8AI score0.01163EPSS
Exploits0References14
Rows per page
Query Builder