CVE-2021-27426

GE UR family insecure default variable initialization

CVSS 9.8 CRITICALEPSS 1.2%CWE-453

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

GE · UR family

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 https://www.gegridsolutions.com/Passport/Login.aspx