CVE-2021-27418

Published Mar 23, 2022
Last updated 3 years ago
CVSS medium 6.1
Overview

Description: GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
ics-cert@hq.dhs.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9AEAC84B-ED36-4D41-8CDC-84B30294667F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "971B98BB-125D-4D3F-8B54-09C6ECBEFC46",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F9FE28C-1F33-4ECA-9004-B46912A1D8D8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0DD7078-54B7-4908-B041-C389601FFE54",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A9D29A9-8351-48E0-BFCF-21945F586C51",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F2E81E6-B718-4809-8D30-3074B0FB7239"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AFD919B5-753E-40A8-8B14-BD0BA28386C7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9226C470-365B-4CFF-B1FF-326EA82E9C16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3506446-AF0D-4AC4-8C0A-5616D27C267B",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0E5D2F8-AA89-44E3-9316-E28357E525D8",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B66B913C-6D8A-4B5E-92AF-0ABE67195C47"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C86C0AEE-795B-45B1-A917-00A355EC25CD",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D151332D-37C7-4F7B-A30E-EB7F927B905D",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "313C6A1D-B50A-40C5-8553-68F21DFEDDDC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2E9423B-F49D-4AF7-8275-3216D615F279",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC9965C1-9B3C-4B8A-8643-43678B5A6643"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2447F208-815E-44D2-91BC-7BFCFC85C977",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "20A13929-C8B5-49E0-9F5C-EA443413C584"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DE2725C-8778-479D-8743-F62B5763931D",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF00D002-3C82-47B1-B585-DB91F33CEECC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34B1A2B8-B43B-4CCD-886A-0487C09E5279",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F716F53-3AC6-41C6-A894-9712A8AFE58C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7BFF5085-6713-41FA-93D5-65AE4C8F8AD1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0B3453A-1B71-4ADD-8AC3-5D5436EAD879",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5431E320-7E3A-4BD3-B33A-3345CF20B20D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80DE8022-6349-4E53-B97B-AFAD1685E40E",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2217A440-FADD-40ED-A933-F3DBCF36E116"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51F57944-8FDB-4541-A6ED-BF6D40916786",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4B7B0753-62C7-4972-AD22-FC3E31A5218F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B97E0654-4407-48CE-BC07-E2385E86B65A",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E75BD31-3057-42F4-BD1B-C68C797F39DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10F68AE0-E4FC-4357-A619-B0B990FDC708",
            "versionEndExcluding": "8.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "314AA92C-5B56-475A-B65F-CF597CEBFB38"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
