Ge Ur Family
6 CVEs affecting Ge Ur Family. Latest disclosed: 2022-03-23. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-27426 | Critical | 9.8 | 2022-03-23 | GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing… |
CVE-2021-27428 | Critical | 9.8 | 2022-03-23 | GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool valida… |
CVE-2021-27422 | High | 7.5 | 2022-03-23 | GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without auth… |
CVE-2021-27424 | Medium | 5.3 | 2022-03-23 | GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS regis… |
CVE-2021-27420 | Medium | 5.3 | 2022-03-23 | GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming… |
CVE-2021-27418 | Medium | 5.3 | 2022-03-23 | GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possibl… |