Unrated severityNVD Advisory· Published Mar 23, 2022· Updated Apr 16, 2025
GE UR family Unrestricted Upload of File with Dangerous Type
CVE-2021-27428
Description
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <8.10
- GE/UR familyv5Range: unspecified
Patches
Vulnerability mechanics
References
2- www.cisa.gov/uscert/ics/advisories/icsa-21-075-02mitrex_refsource_CONFIRM
- www.gegridsolutions.com/Passport/Login.aspxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.