Enervista UR Setup
by GE Vernova
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27256 | Hig | 0.54 | 8.3 | 0.00 | Mar 10, 2025 | Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack… | ||
| CVE-2025-27255 | Hig | 0.52 | 8.0 | 0.00 | Mar 10, 2025 | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code. | ||
| CVE-2025-27254 | Hig | 0.52 | 8.0 | 0.00 | Mar 10, 2025 | CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. | ||
| CVE-2025-27257 | Med | 0.40 | 6.1 | 0.00 | Mar 10, 2025 | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing… | ||
| CVE-2026-1763 | Med | 0.30 | 4.6 | 0.00 | Feb 10, 2026 | Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions. | ||
| CVE-2026-1762 | Low | 0.19 | 2.9 | 0.00 | Feb 10, 2026 | A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. |
- risk 0.54cvss 8.3epss 0.00
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack…
- risk 0.52cvss 8.0epss 0.00
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.
- risk 0.52cvss 8.0epss 0.00
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.
- risk 0.40cvss 6.1epss 0.00
Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing…
- risk 0.30cvss 4.6epss 0.00
Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
- risk 0.19cvss 2.9epss 0.00
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.