CVE-2021-27426
Critical
Published: 23 March 2022
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (52.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-27426 is a critical-severity Insecure Default Variable Initialization (CWE-453) vulnerability in GE Multilin B30 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-14180
Vulnerability details
GE UR IED firmware versions prior to version 8.1x with the “Basic” security variant do not allow the disabling of “Factory Mode,” which is used for servicing the IED by a “Factory” user.
- CWE(s): CWE-453 (Insecure Default Variable Initialization)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- ge multilin b30 firmware, ≤ 8.10
- ge multilin b90 firmware, ≤ 8.10
- ge multilin c60 firmware, ≤ 8.10
- ge multilin c70 firmware, ≤ 8.10
- ge multilin c95 firmware, ≤ 8.10
- ge multilin d30 firmware, ≤ 8.10
- ge multilin d60 firmware, ≤ 8.10
- ge multilin f35 firmware, ≤ 8.10
- ge multilin f60 firmware, ≤ 8.10
- ge multilin g30 firmware, ≤ 8.10
+9 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.