{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "971B98BB-125D-4D3F-8B54-09C6ECBEFC46", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AEAC84B-ED36-4D41-8CDC-84B30294667F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0DD7078-54B7-4908-B041-C389601FFE54", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F9FE28C-1F33-4ECA-9004-B46912A1D8D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A9D29A9-8351-48E0-BFCF-21945F586C51", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F2E81E6-B718-4809-8D30-3074B0FB7239", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFD919B5-753E-40A8-8B14-BD0BA28386C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3506446-AF0D-4AC4-8C0A-5616D27C267B", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*", "matchCriteriaId": "9226C470-365B-4CFF-B1FF-326EA82E9C16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E5D2F8-AA89-44E3-9316-E28357E525D8", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C86C0AEE-795B-45B1-A917-00A355EC25CD", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66B913C-6D8A-4B5E-92AF-0ABE67195C47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D151332D-37C7-4F7B-A30E-EB7F927B905D", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*", "matchCriteriaId": "313C6A1D-B50A-40C5-8553-68F21DFEDDDC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2E9423B-F49D-4AF7-8275-3216D615F279", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC9965C1-9B3C-4B8A-8643-43678B5A6643", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2447F208-815E-44D2-91BC-7BFCFC85C977", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*", "matchCriteriaId": "20A13929-C8B5-49E0-9F5C-EA443413C584", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DE2725C-8778-479D-8743-F62B5763931D", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF00D002-3C82-47B1-B585-DB91F33CEECC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34B1A2B8-B43B-4CCD-886A-0487C09E5279", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F716F53-3AC6-41C6-A894-9712A8AFE58C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BFF5085-6713-41FA-93D5-65AE4C8F8AD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0B3453A-1B71-4ADD-8AC3-5D5436EAD879", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*", "matchCriteriaId": "5431E320-7E3A-4BD3-B33A-3345CF20B20D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80DE8022-6349-4E53-B97B-AFAD1685E40E", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*", "matchCriteriaId": "2217A440-FADD-40ED-A933-F3DBCF36E116", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51F57944-8FDB-4541-A6ED-BF6D40916786", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7B0753-62C7-4972-AD22-FC3E31A5218F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B97E0654-4407-48CE-BC07-E2385E86B65A", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E75BD31-3057-42F4-BD1B-C68C797F39DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10F68AE0-E4FC-4357-A619-B0B990FDC708", "versionEndExcluding": "8.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*", "matchCriteriaId": "314AA92C-5B56-475A-B65F-CF597CEBFB38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings."}, {"lang": "es", "value": "GE UR versiones de firmware anteriores a versi\u00f3n 8.1x, admiten la interfaz web con acceso de s\u00f3lo lectura. El dispositivo no comprueba correctamente la entrada del usuario, haciendo posible llevar a cabo ataques de tipo cross-site scripting, que pueden ser usados para enviar un script malicioso. Adem\u00e1s, el servidor web de UR Firmware no lleva a cabo la codificaci\u00f3n HTML de las cadenas suministradas por el usuario"}], "id": "CVE-2021-27418", "lastModified": "2022-04-01T18:26:05.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-03-23T20:15:08.247", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://www.gegridsolutions.com/Passport/Login.aspx"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}
MITRE Information
NVD Information
Redhat Information