GE Vernova
Products: 4
- 6 CVEs
- 5 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs: 13

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3222 | | Critical | 0.60 | — | 0.00 | | Nov 7, 2025 | Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse. This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows. |
| CVE-2025-27256 | | High | 0.54 | 8.3 | 0.00 | | Mar 10, 2025 | Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack… |
| CVE-2025-27255 | | High | 0.52 | 8.0 | 0.00 | | Mar 10, 2025 | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code. |
| CVE-2025-27254 | | High | 0.52 | 8.0 | 0.00 | | Mar 10, 2025 | CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. |
| CVE-2025-9038 | | High | 0.49 | — | 0.00 | | Sep 22, 2025 | Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile Configuration Software: 3.1 and previous versions. |
| CVE-2025-27257 | | Medium | 0.40 | 6.1 | 0.00 | | Mar 10, 2025 | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing… |
| CVE-2025-27253 | | Medium | 0.40 | 6.1 | 0.00 | | Mar 10, 2025 | A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may… |
| CVE-2025-7719 | | Medium | 0.34 | — | 0.00 | | Nov 7, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation. This issue affects Smallworld: 5.3.5. and previous versions. |
| CVE-2026-1763 | | Medium | 0.30 | 4.6 | 0.00 | | Feb 10, 2026 | Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions. |
| CVE-2026-1762 | | Low | 0.19 | 2.9 | 0.00 | | Feb 10, 2026 | A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue affects Enervista: 8.6 and prior versions. |
| CVE-2021-27426 | | | 0.00 | — | 0.01 | | Mar 23, 2022 | GE UR IED firmware versions prior to version 8.1x with “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. |
| CVE-2021-27430 | | | 0.00 | — | 0.00 | | Mar 23, 2022 | GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. |
| CVE-2021-27428 | | | 0.00 | — | 0.01 | | Mar 23, 2022 | GE UR IED firmware versions prior to version 8.1x support upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade… |