VYPR
Vendor

GE Vernova

Products
8
CVEs
11
Across products
12
Status
Private

Products

8

Recent CVEs

11
  • CVE-2025-3222CriNov 7, 2025
    risk 0.60cvss epss 0.00

    Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.

  • CVE-2025-27256HigMar 10, 2025
    risk 0.54cvss 8.3epss 0.00

    Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack…

  • CVE-2025-27255HigMar 10, 2025
    risk 0.52cvss 8.0epss 0.00

    Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.

  • CVE-2025-27254HigMar 10, 2025
    risk 0.52cvss 8.0epss 0.00

    CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass.  The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.

  • CVE-2025-9038HigSep 22, 2025
    risk 0.49cvss epss 0.00

    Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.

  • CVE-2025-27257MedMar 10, 2025
    risk 0.40cvss 6.1epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing…

  • CVE-2025-27253MedMar 10, 2025
    risk 0.40cvss 6.1epss 0.00

    A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may…

  • CVE-2025-3223MedMay 19, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier.

  • CVE-2025-7719MedNov 7, 2025
    risk 0.34cvss epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation.This issue affects Smallworld: 5.3.5. and previous versions.

  • CVE-2026-1763MedFeb 10, 2026
    risk 0.30cvss 4.6epss 0.00

    Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.

  • CVE-2026-1762LowFeb 10, 2026
    risk 0.19cvss 2.9epss 0.00

    A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.