VYPR

Enervista UR Setup

by GE Vernova

CVEs (6)

  • CVE-2025-27256HigMar 10, 2025
    risk 0.54cvss 8.3epss 0.00

    Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack…

  • CVE-2025-27255HigMar 10, 2025
    risk 0.52cvss 8.0epss 0.00

    Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.

  • CVE-2025-27254HigMar 10, 2025
    risk 0.52cvss 8.0epss 0.00

    CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass.  The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.

  • CVE-2025-27257MedMar 10, 2025
    risk 0.40cvss 6.1epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing…

  • CVE-2026-1763MedFeb 10, 2026
    risk 0.30cvss 4.6epss 0.00

    Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.

  • CVE-2026-1762LowFeb 10, 2026
    risk 0.19cvss 2.9epss 0.00

    A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.