CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 Mitigation Third Party Advisory US Government Resource
https://www.gegridsolutions.com/Passport/Login.aspx Permissions Required Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-23 20:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-27420

Mitre link : CVE-2021-27420

CVE.ORG link : CVE-2021-27420


JSON object : View

Products Affected

ge

  • multilin_t35
  • multilin_c60_firmware
  • multilin_c30_firmware
  • multilin_g30
  • multilin_t35_firmware
  • multilin_g60
  • multilin_m60
  • multilin_l60
  • multilin_b30_firmware
  • multilin_c60
  • multilin_f60
  • multilin_g60_firmware
  • multilin_d30
  • multilin_l30
  • multilin_l90_firmware
  • multilin_c70
  • multilin_l60_firmware
  • multilin_d60_firmware
  • multilin_d30_firmware
  • multilin_c95
  • multilin_f60_firmware
  • multilin_m60_firmware
  • multilin_t60_firmware
  • multilin_l90
  • multilin_n60_firmware
  • multilin_c30
  • multilin_n60
  • multilin_d60
  • multilin_l30_firmware
  • multilin_b90_firmware
  • multilin_c95_firmware
  • multilin_t60
  • multilin_b90
  • multilin_f35
  • multilin_g30_firmware
  • multilin_b30
  • multilin_f35_firmware
  • multilin_c70_firmware
CWE
CWE-20

Improper Input Validation