ICSA-21-075-02
PUBLISHED
CVSS 7.5 HIGH
Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GE Vernova | UR C70 | <8.10 |
| GE Vernova | UR G30 | <8.10 |
| GE Vernova | UR C95 | <8.10 |
| GE Vernova | UR G60 | <8.10 |
| GE Vernova | UR M60 | <8.10 |
| | Web server vulnerabilities | all versions prior to version 8.1x |
| | Weakness in UR bootloader binary | all bootloader versions prior to 7.03/7.04 |
| GE Vernova | UR N60 | <8.10 |
| GE Vernova | UR L60 | <8.10 |
| | Protection from unintended firmware upload | all versions prior to 8.1x with basic security option |
| GE Vernova | UR F60 | <8.10 |
| GE Vernova | UR T60 | <8.10 |
| GE Vernova | UR L30 | <8.10 |
| | Provisions to disable Factory Mode | all versions prior to 8.1x with basic security option |
| GE Vernova | UR C30 | <8.10 |
| GE Vernova | UR C60 | <8.10 |
| GE Vernova | UR L90 | <8.10 |
| | Vulnerabilities related to SSH Support | firmware versions 7.4x to 8.0x (CyberSentry option) |
| GE Vernova | UR D60 | <8.10 |
| GE Vernova | UR F35 | <8.10 |
…and 5 more
Timeline
- Mar 16, 2021 CVE Published
- Apr 11, 2025 PoC Published
- Apr 16, 2026 CVE Updated
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-075-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-075-02 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing url
- https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks url
- https://www.gegridsolutions.com/Passport/Login.aspx fix
- https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01 url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B url