CVE-2021-27430

{"id": "CVE-2021-27430", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2022-03-23T20:15:08.587", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.gegridsolutions.com/Passport/Login.aspx", "tags": ["Permissions Required", "Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.gegridsolutions.com/Passport/Login.aspx", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR."}, {"lang": "es", "value": "Las versiones 7.00, 7.01 y 7.02 del binario del cargador de arranque GE UR inclu\u00edan credenciales embebidas no usadas. Adem\u00e1s, un usuario con acceso f\u00edsico al IED de la UR puede interrumpir la secuencia de arranque al reiniciar la UR"}], "lastModified": "2024-11-21T05:57:58.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ge:ur_bootloader_binary:7.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22714AED-DF46-46A3-B2E4-F12067B98D31"}, {"criteria": "cpe:2.3:a:ge:ur_bootloader_binary:7.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27CA69B0-2830-4867-A471-65B3F411D3FA"}, {"criteria": "cpe:2.3:a:ge:ur_bootloader_binary:7.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74EAD676-32C8-443B-88B0-CC8EE8B15E95"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}