CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02	Mitigation Third Party Advisory US Government Resource
https://www.gegridsolutions.com/Passport/Login.aspx	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*

Information

Published : 2022-03-23 13:15

Updated : 2022-10-24 09:43

NVD link : CVE-2021-27422

Mitre link : CVE-2021-27422

JSON object : View

CWE

CWE-319

Cleartext Transmission of Sensitive Information

Products Affected

multilin_f60_firmware
multilin_l90_firmware
multilin_d30_firmware
multilin_t60
multilin_c30_firmware
multilin_b30
multilin_g60_firmware
multilin_l60
multilin_f35_firmware
multilin_c60
multilin_c95_firmware
multilin_l90
multilin_g60
multilin_d60_firmware
multilin_b90
multilin_c70
multilin_b30_firmware
multilin_g30
multilin_t35_firmware
multilin_c95
multilin_m60
multilin_c70_firmware
multilin_g30_firmware
multilin_l60_firmware
multilin_n60
multilin_n60_firmware
multilin_d30
multilin_c30
multilin_d60
multilin_t60_firmware
multilin_l30_firmware
multilin_b90_firmware
multilin_c60_firmware
multilin_f60
multilin_t35
multilin_l30
multilin_f35
multilin_m60_firmware

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-27422

7.5^/10

5.0^/10

Attach tags to `CVE-2021-27422`