CVE-2021-27430

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 8.4

CVSS3: 6.8

CVSS2: 4.6

EPSS Низкий

Описание

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02
Mitigation
Third Party Advisory
US Government Resource
https://www.gegridsolutions.com/Passport/Login.aspx
Permissions Required
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02
Mitigation
Third Party Advisory
US Government Resource
https://www.gegridsolutions.com/Passport/Login.aspx
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ge:ur_bootloader_binary:7.00:*:*:*:*:*:*:*

cpe:2.3:a:ge:ur_bootloader_binary:7.01:*:*:*:*:*:*:*

cpe:2.3:a:ge:ur_bootloader_binary:7.02:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

8.4 High

CVSS3

6.8 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-v3x3-gpvq-h27p

CVSS3: 6.8

github

почти 4 года назад

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

EPSS

Процентиль: 25%

0.00085

Низкий

8.4 High

CVSS3

6.8 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-798