PT-2022-9818 · Ge · Ge Ur Bootloader

Published: 2022-03-23 · Updated: 2022-03-31 · CVE-2021-27430

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GE UR bootloader binary versions 7.00 through 7.02

Description

The issue concerns unused hardcoded credentials in the bootloader binary. A user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

Recommendations

For versions 7.00 through 7.02, consider restricting physical access to the UR IED to minimize the risk of exploitation. As a temporary workaround, consider implementing additional security measures to prevent unauthorized rebooting of the UR IED until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2021-27430

Affected Products

Ge Ur Bootloader