CVE-2021-27428

Description

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.

References

https://www.gegridsolutions.com/Passport/Login.aspx

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS