1. Home
  2. CVE Database
  3. CVE-2021-27424
MEDIUM · 5.3

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized info...

Vulnerability Description

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GeMultilin B30 Firmware< 8.10
GeMultilin B30-
GeMultilin B90 Firmware< 8.10
GeMultilin B90-
GeMultilin C60 Firmware< 8.10
GeMultilin C60-
GeMultilin C70 Firmware< 8.10
GeMultilin C70-
GeMultilin C95 Firmware< 8.10
GeMultilin C95-
GeMultilin D30 Firmware< 8.10
GeMultilin D30-
GeMultilin D60 Firmware< 8.10
GeMultilin D60-
GeMultilin F35 Firmware< 8.10
GeMultilin F35-
GeMultilin F60 Firmware< 8.10
GeMultilin F60-
GeMultilin G30 Firmware< 8.10
GeMultilin G30-

Related Weaknesses (CWE)

CWE-668CWE-200

References

FAQ

What is CVE-2021-27424?

CVE-2021-27424 is a vulnerability with a CVSS score of 5.3 (MEDIUM). GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized info...

How severe is CVE-2021-27424?

CVE-2021-27424 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-27424?

Check the references section above for vendor advisories and patch information. Affected products include: Ge Multilin B30 Firmware, Ge Multilin B30, Ge Multilin B90 Firmware, Ge Multilin B90, Ge Multilin C60 Firmware.