CVE-2021-27422

moderate-risk
Published 2022-03-23

In GE UR firmware versions prior to version 8.1x, the web server interface is supported on UR over the HTTP protocol. It allows sensitive information exposure without authentication.

Do I need to act?

0.10% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (19)

Multilin B30 Firmware
Multilin B90 Firmware
Multilin C60 Firmware
Multilin C70 Firmware
Multilin C95 Firmware
Multilin D30 Firmware
Multilin D60 Firmware
Multilin F35 Firmware
Multilin F60 Firmware
Multilin G30 Firmware
Multilin G60 Firmware
Multilin L30 Firmware
Multilin L60 Firmware
Multilin L90 Firmware
Multilin M60 Firmware
Multilin N60 Firmware
Multilin T35 Firmware
Multilin T60 Firmware
Multilin C30 Firmware

Affected Vendors

GE
45 / 100
moderate-risk
Severity 26/34 · High
Exploitability 0/34 · Minimal
Exposure 19/34 · Moderate