GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
Conclusion & alert: CVE-2021-27420 is rated Moderate Risk (42.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.02%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.23% | 1.02% | +0.79% |
| 2 | 2026-03-18 | 0.29% | 0.23% | -0.06% |
| 3 | 2025-11-21 | — | 0.29% | — |
Full EPSS history (12 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.3 | 3.1 | MEDIUM |
|
3.9 | 1.4 | [email protected] |
| 5.3 | 3.1 | MEDIUM |
|
3.9 | 1.4 | [email protected] |
| 5.0 | 2.0 | MEDIUM |
|
10.0 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| ge | multilin_b30_firmware | < 8.10 | cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_b90_firmware | < 8.10 | cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_c60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_c70_firmware | < 8.10 | cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_c95_firmware | < 8.10 | cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_d30_firmware | < 8.10 | cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_d60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_f35_firmware | < 8.10 | cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_f60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_g30_firmware | < 8.10 | cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_g60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_l30_firmware | < 8.10 | cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_l60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_l90_firmware | < 8.10 | cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_m60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_n60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_t35_firmware | < 8.10 | cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_t60_firmware | < 8.10 | cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:* |
| ge | multilin_c30_firmware | < 8.10 | cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation Third Party Advisory US Government Resource |
| https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required Vendor Advisory |