CVE-2021-27426
high-risk
Published 2022-03-23
GE UR IED firmware versions prior to version 8.1x with the “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.
Do I need to act?
0.29% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (19)
Multilin B30 Firmware
Multilin B90 Firmware
Multilin C60 Firmware
Multilin C70 Firmware
Multilin C95 Firmware
Multilin D30 Firmware
Multilin D60 Firmware
Multilin F35 Firmware
Multilin F60 Firmware
Multilin G30 Firmware
Multilin G60 Firmware
Multilin L30 Firmware
Multilin L60 Firmware
Multilin L90 Firmware
Multilin M60 Firmware
Multilin N60 Firmware
Multilin T35 Firmware
Multilin T60 Firmware
Multilin C30 Firmware
Affected Vendors
References (4)
Permissions Required
https://www.gegridsolutions.com/Passport/Login.aspx
52 / 100
high-risk
Severity: 32/34 · Critical
Exploitability: 1/34 · Minimal
Exposure: 19/34 · Moderate