Unrated severityNVD Advisory· Published Mar 23, 2022· Updated Apr 16, 2025
GE UR family input validation
CVE-2021-27418
Description
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <8.1x
- GE/UR familyv5Range: unspecified
Patches
Vulnerability mechanics
References
2- www.cisa.gov/uscert/ics/advisories/icsa-21-075-02mitrex_refsource_CONFIRM
- www.gegridsolutions.com/Passport/Login.aspxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.