ID

VAR-202103-0914


CVE

CVE-2021-27450


TITLE

GE MU320E Insufficient Encryption Strength Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-24022

DESCRIPTION

The SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1). The MU320E is a process interface unit with an integrated combined analog and digital interface, introduced by GE. The firmware of GE MU320E 04A00.1 version has an insufficient encryption strength vulnerability. Attackers can use this vulnerability to cause other misconfigurations or launch further attacks.

Trust: 1.53

sources: NVD: CVE-2021-27450 // CNVD: CNVD-2021-24022 // VULMON: CVE-2021-27450

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-24022

AFFECTED PRODUCTS

vendor: ge
model: mu320e
scope: lt
version: 04a00.1

Trust: 1.0

vendor: ge
model: mu320e <04a00.1
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2021-24022 // NVD: CVE-2021-27450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27450
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-24022
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1310
value: HIGH

Trust: 0.6

VULMON: CVE-2021-27450
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-27450
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-24022
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-27450
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-24022 // VULMON: CVE-2021-27450 // CNNVD: CNNVD-202103-1310 // NVD: CVE-2021-27450

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.0

sources: NVD: CVE-2021-27450

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1310

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1310

PATCH

title: Patch for GE MU320E Insufficient Encryption Strength Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/255316

Trust: 0.6

title: Grid Solutions GE MU320E Fixes for encryption problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145665

Trust: 0.6

sources: CNVD: CNVD-2021-24022 // CNNVD: CNNVD-202103-1310

EXTERNAL IDS

db: ICS CERT
id: ICSA-21-082-02

Trust: 2.3

db: NVD
id: CVE-2021-27450

Trust: 2.3

db: CNVD
id: CNVD-2021-24022

Trust: 0.6

db: AUSCERT
id: ESB-2021.1006

Trust: 0.6

db: CNNVD
id: CNNVD-202103-1310

Trust: 0.6

db: VULMON
id: CVE-2021-27450

Trust: 0.1

sources: CNVD: CNVD-2021-24022 // VULMON: CVE-2021-27450 // CNNVD: CNNVD-202103-1310 // NVD: CVE-2021-27450

REFERENCES

url: https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02

Trust: 2.9

url: https://www.auscert.org.au/bulletins/esb-2021.1006

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/326.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-24022 // VULMON: CVE-2021-27450 // CNNVD: CNNVD-202103-1310 // NVD: CVE-2021-27450

SOURCES

db: CNVD, id: CNVD-2021-24022
db: VULMON, id: CVE-2021-27450
db: CNNVD, id: CNNVD-202103-1310
db: NVD, id: CVE-2021-27450

LAST UPDATE DATE

2024-11-23T21:50:56.819000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-24022, date: 2021-03-31T00:00:00
db: VULMON, id: CVE-2021-27450, date: 2021-03-29T00:00:00
db: CNNVD, id: CNNVD-202103-1310, date: 2021-03-30T00:00:00
db: NVD, id: CVE-2021-27450, date: 2024-11-21T05:58:00.800

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-24022, date: 2021-03-31T00:00:00
db: VULMON, id: CVE-2021-27450, date: 2021-03-25T00:00:00
db: CNNVD, id: CNNVD-202103-1310, date: 2021-03-23T00:00:00
db: NVD, id: CVE-2021-27450, date: 2021-03-25T20:15:13.163