PT-2022-9811 · Ge · Ge Ur Firmware

Published: 2022-03-23 · Updated: 2022-04-01 · CVE-2021-27418

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: GE UR firmware versions prior to 8.1x
Description: The web interface of the GE UR firmware provides read-only access but fails to properly validate user input. This makes cross-site scripting attacks possible, allowing malicious scripts to be sent. In addition, the UR firmware web server does not HTML-encode user-supplied strings, which further exacerbates the issue.
Recommendations: For GE UR firmware versions prior to 8.1x, update to version 8.1x or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the web interface until the issue is resolved.

Fix

XSS

RCE


Weakness Enumeration

Related Identifiers

CVE-2021-27418

Affected Products

Ge Ur Firmware