VYPR
Vendor

GE Vernova

Products
4
CVEs
13
Across products
14
Status
Private

Products

4

Recent CVEs

13
  • CVE-2025-3222CriNov 7, 2025
    risk 0.60cvss epss 0.00

    Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.

  • CVE-2025-27256HigMar 10, 2025
    risk 0.54cvss 8.3epss 0.00

    Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack…

  • CVE-2025-27255HigMar 10, 2025
    risk 0.52cvss 8.0epss 0.00

    Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.

  • CVE-2025-27254HigMar 10, 2025
    risk 0.52cvss 8.0epss 0.00

    CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass.  The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.

  • CVE-2025-9038HigSep 22, 2025
    risk 0.49cvss epss 0.00

    Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.

  • CVE-2025-27257MedMar 10, 2025
    risk 0.40cvss 6.1epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing…

  • CVE-2025-27253MedMar 10, 2025
    risk 0.40cvss 6.1epss 0.00

    A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may…

  • CVE-2025-7719MedNov 7, 2025
    risk 0.34cvss epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation.This issue affects Smallworld: 5.3.5. and previous versions.

  • CVE-2026-1763MedFeb 10, 2026
    risk 0.30cvss 4.6epss 0.00

    Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.

  • CVE-2026-1762LowFeb 10, 2026
    risk 0.19cvss 2.9epss 0.00

    A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.

  • CVE-2021-27426Mar 23, 2022
    risk 0.00cvss epss 0.01

    GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

  • CVE-2021-27430Mar 23, 2022
    risk 0.00cvss epss 0.00

    GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

  • CVE-2021-27428Mar 23, 2022
    risk 0.00cvss epss 0.01

    GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade…