Firmware Upgrade Vulnerability in GE UR IED Versions Prior to 8.10

Firmware Upgrade Vulnerability in GE UR IED Versions Prior to 8.10

CVE-2021-27428 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.

Learn more about our User Device Pen Test.