PT-2022-9817 · Ge · Ge Ur Ied

Published

2022-03-23

Updated

2022-04-01

CVE-2021-27428

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GE UR IED firmware versions prior to 8.10

Description The issue allows an illegitimate user to upgrade firmware without appropriate privileges. The UR Setup tool is used for upgrading firmware and validates the authenticity and integrity of the firmware file before uploading it to the UR IED.

Recommendations For GE UR IED firmware versions prior to 8.10, update to firmware Version 8.10 to resolve the issue.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-27428

Affected Products

Ge Ur Ied

PT-2022-9817 · Ge · Ge Ur Ied

CVE-2021-27428

Weakness Enumeration

Related Identifiers

Affected Products

References · 4