Vulnerability Details : CVE-2021-27440
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
Exploit prediction scoring system (EPSS) score for CVE-2021-27440
Probability of exploitation activity in the next 30 days: 0.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-27440
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-27440
-
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.Assigned by: ics-cert@hq.dhs.gov (Secondary)
-
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-27440
-
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03
GE Reason DR60 | CISAThird Party Advisory;US Government Resource
Products affected by CVE-2021-27440
- cpe:2.3:o:ge:reason_dr60_firmware:*:*:*:*:*:*:*:*