Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GE UR family Unrestricted Upload of File with Dangerous Type
Vulnerability Description
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
GE Grid Solutions UR 代码问题漏洞
Vulnerability Description
GE Grid Solutions UR是法国 (GE Grid Solutions)公司的一个嵌入式操作系统。提供高性能保护,可扩展的I / O,集成的监视和计量,高速通信以及广泛的编程和配置功能。 GE Grid Solutions UR 存在代码问题漏洞,该漏洞允许非法用户可以在没有适当特权的情况下升级固件。
CVSS Information
N/A
Vulnerability Type
N/A