CVE-2021-27424

MEDIUM

GE UR <8.1x - Info Disclosure

Title source: llm

Description

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.

References (2)

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02

[Permissions Required, Vendor Advisory] https://www.gegridsolutions.com/Passport/Login.aspx

Scores

CVSS v3 5.3

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200 CWE-668

Status published

Affected Products (19)

ge/multilin_b30_firmware < 8.10

ge/multilin_b90_firmware < 8.10

ge/multilin_c60_firmware < 8.10

ge/multilin_c70_firmware < 8.10

ge/multilin_c95_firmware < 8.10

ge/multilin_d30_firmware < 8.10

ge/multilin_d60_firmware < 8.10

ge/multilin_f35_firmware < 8.10

ge/multilin_f60_firmware < 8.10

ge/multilin_g30_firmware < 8.10

ge/multilin_g60_firmware < 8.10

ge/multilin_l30_firmware < 8.10

ge/multilin_l60_firmware < 8.10

ge/multilin_l90_firmware < 8.10

ge/multilin_m60_firmware < 8.10

... and 4 more

Timeline

Published Mar 23, 2022

Tracked Since Feb 18, 2026