Vulnerabilities > GE > Multilin D30 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-27418 Cross-site Scripting vulnerability in GE products
GE UR firmware versions prior to version 8.1x supports web interface with read-only access.
network
ge CWE-79
4.3
2022-03-23 CVE-2021-27420 Improper Input Validation vulnerability in GE products
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests.
network
low complexity
ge CWE-20
5.0
2022-03-23 CVE-2021-27422 Cleartext Transmission of Sensitive Information vulnerability in GE products
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol.
network
low complexity
ge CWE-319
7.5
2022-03-23 CVE-2021-27424 Exposure of Resource to Wrong Sphere vulnerability in GE products
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide.
network
low complexity
ge CWE-668
5.0
2022-03-23 CVE-2021-27426 Unspecified vulnerability in GE products
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.
network
low complexity
ge
7.5
2022-03-23 CVE-2021-27428 Unrestricted Upload of File with Dangerous Type vulnerability in GE products
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup.
network
low complexity
ge CWE-434
7.5