Insecure Default Variable Initialization
CVE-2021-27426
Summary
GE UR IED firmware versions prior to version 8.1x with the “Basic” security variant do not allow the disabling of “Factory Mode,” which is used for servicing the IED by a “Factory” user.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-453 - Insecure Default Variable Initialization
The software, by default, initializes an internal variable with an insecure or less secure value than is possible.