VYPR

UR IED

by GE Vernova

CVEs (5)

  • CVE-2025-27257 | Med | Mar 10, 2025
    risk: 0.40 | cvss: 6.1 | epss: 0.00

    Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing…

  • CVE-2025-27253 | Med | Mar 10, 2025
    risk: 0.40 | cvss: 6.1 | epss: 0.00

    A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through port forwarding. The lack of IP address and port validation may…

  • CVE-2021-27426 | Mar 23, 2022
    risk: 0.00 | cvss: | epss: 0.01

    GE UR IED firmware versions prior to version 8.1x with the “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

  • CVE-2021-27430 | Mar 23, 2022
    risk: 0.00 | cvss: | epss: 0.00

    GE UR bootloader binary versions 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

  • CVE-2021-27428 | Mar 23, 2022
    risk: 0.00 | cvss: | epss: 0.01

    GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool, Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of the firmware file before uploading it to the UR IED. An illegitimate user could upgrade…