What is CVE-2021-27426?

CVE-2021-27426 is a critical-severity vulnerability in Ge Ur Family, classified under CWE-453. CVSS score: 9.8/10. Published 2022-03-23.

How severe is CVE-2021-27426?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Ge Ur Family

CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

EPSS: 0.003 (52.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ge Ur Family — versions unspecified

Weakness classification (CWE)

CWE-453

References

www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 (x_refsource_CONFIRM)
www.gegridsolutions.com/Passport/Login.aspx (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-27426?: CVE-2021-27426 is a critical-severity vulnerability in Ge Ur Family, classified under CWE-453. CVSS score: 9.8/10. Published 2022-03-23.
How severe is CVE-2021-27426?: Critical severity. CVSS v3 base score is 9.8 out of 10.