Vulnerability Description
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Reason Dr60 Firmware | < 02a04.1 |
| Ge | Reason Dr60 | - |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03Third Party AdvisoryUS Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-27438?
CVE-2021-27438 is a vulnerability with a CVSS score of 8.8 (HIGH). The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
How severe is CVE-2021-27438?
CVE-2021-27438 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27438?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Reason Dr60 Firmware, Ge Reason Dr60.