Vulnerabilities > GE > Multilin T35 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-27418 | Cross-site Scripting vulnerability in GE products GE UR firmware versions prior to version 8.1x supports web interface with read-only access. | 4.3 |
| 2022-03-23 | CVE-2021-27420 | Improper Input Validation vulnerability in GE products GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. | 5.0 |
| 2022-03-23 | CVE-2021-27424 | Exposure of Resource to Wrong Sphere vulnerability in GE products GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. | 5.0 |