Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Enervista by GE Vernova

    CVE-2026-1763 (GCVE-0-2026-1763)

    Vulnerability from nvd – Published: 2026-02-10 20:06 – Updated: 2026-03-04 18:40
    VLAI
    Title
    Enervista UR Setup DLL Hijacking
    Summary
    Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path Traversal: '.../...//'
    Assigner
    Impacted products
    Vendor Product Version
    GE Vernova Enervista Affected: 8.6 and previous versions
    Create a notification for this product.
    Credits
    Reid Wightman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T20:29:35.281884Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-35",
                    "description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T14:54:23.671Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-03"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "UR Setup",
              "platforms": [
                "Windows"
              ],
              "product": "Enervista",
              "vendor": "GE Vernova",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.6 and previous versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Reid Wightman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in GE Vernova Enervista UR Setup on Windows.\u003cp\u003eThis issue affects Enervista: 8.6 and previous versions.\u003c/p\u003e"
                }
              ],
              "value": "Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T18:40:04.425Z",
            "orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
            "shortName": "GE_Vernova"
          },
          "references": [
            {
              "url": "https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/ges-2025-005.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The EnerVista URPC installation software versions prior to 8.70, used an incorrect method of \nloading the DLL (dynamic Link Library) file by referencing it relative to the location of the installation \nfolder. If the system in which the software is installed gets compromised, an attacker could exploit \nthis weakness and replace the legitimate DLL with a malicious file. \u003cbr\u003e\u003cbr\u003e\nThe EnerVista UR Setup software installation has been upgraded to address this vulnerability. \n\n\u003cbr\u003e"
                }
              ],
              "value": "The EnerVista URPC installation software versions prior to 8.70, used an incorrect method of \nloading the DLL (dynamic Link Library) file by referencing it relative to the location of the installation \nfolder. If the system in which the software is installed gets compromised, an attacker could exploit \nthis weakness and replace the legitimate DLL with a malicious file. \n\n\nThe EnerVista UR Setup software installation has been upgraded to address this vulnerability."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Enervista UR Setup DLL Hijacking",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide. \n\n\n\u003cbr\u003e\u003cbr\u003e\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches. \n\n\u003cbr\u003e"
                }
              ],
              "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide. \n\n\n\n\n\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
        "assignerShortName": "GE_Vernova",
        "cveId": "CVE-2026-1763",
        "datePublished": "2026-02-10T20:06:12.992Z",
        "dateReserved": "2026-02-02T14:36:45.715Z",
        "dateUpdated": "2026-03-04T18:40:04.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1762 (GCVE-0-2026-1762)

    Vulnerability from nvd – Published: 2026-02-10 20:06 – Updated: 2026-03-04 18:39
    VLAI
    Title
    Enervista UR Setup Directory Traversal Vulnerability
    Summary
    A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    GE Vernova Enervista Affected: 8.6 and prior versions (Linux)
    Create a notification for this product.
    Credits
    Reid Wightman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T20:34:57.688134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T20:37:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "UR Setup",
              "platforms": [
                "Windows"
              ],
              "product": "Enervista",
              "vendor": "GE Vernova",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.6 and prior versions",
                  "versionType": "Linux"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Reid Wightman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.\u003cp\u003eThis issue affects Enervista: 8.6 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T18:39:46.742Z",
            "orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
            "shortName": "GE_Vernova"
          },
          "references": [
            {
              "url": "https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/ges-2025-005.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \u003cbr\u003e\u003cbr\u003e\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870.\n\n\u003cbr\u003e"
                }
              ],
              "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \n\n\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Enervista UR Setup Directory Traversal Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches.\n\n \n\n\n\u003cbr\u003e"
                }
              ],
              "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
        "assignerShortName": "GE_Vernova",
        "cveId": "CVE-2026-1762",
        "datePublished": "2026-02-10T20:06:00.213Z",
        "dateReserved": "2026-02-02T14:36:44.351Z",
        "dateUpdated": "2026-03-04T18:39:46.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1763 (GCVE-0-2026-1763)

    Vulnerability from cvelistv5 – Published: 2026-02-10 20:06 – Updated: 2026-03-04 18:40
    VLAI
    Title
    Enervista UR Setup DLL Hijacking
    Summary
    Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path Traversal: '.../...//'
    Assigner
    Impacted products
    Vendor Product Version
    GE Vernova Enervista Affected: 8.6 and previous versions
    Create a notification for this product.
    Credits
    Reid Wightman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T20:29:35.281884Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-35",
                    "description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T14:54:23.671Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-03"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "UR Setup",
              "platforms": [
                "Windows"
              ],
              "product": "Enervista",
              "vendor": "GE Vernova",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.6 and previous versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Reid Wightman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in GE Vernova Enervista UR Setup on Windows.\u003cp\u003eThis issue affects Enervista: 8.6 and previous versions.\u003c/p\u003e"
                }
              ],
              "value": "Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T18:40:04.425Z",
            "orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
            "shortName": "GE_Vernova"
          },
          "references": [
            {
              "url": "https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/ges-2025-005.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The EnerVista URPC installation software versions prior to 8.70, used an incorrect method of \nloading the DLL (dynamic Link Library) file by referencing it relative to the location of the installation \nfolder. If the system in which the software is installed gets compromised, an attacker could exploit \nthis weakness and replace the legitimate DLL with a malicious file. \u003cbr\u003e\u003cbr\u003e\nThe EnerVista UR Setup software installation has been upgraded to address this vulnerability. \n\n\u003cbr\u003e"
                }
              ],
              "value": "The EnerVista URPC installation software versions prior to 8.70, used an incorrect method of \nloading the DLL (dynamic Link Library) file by referencing it relative to the location of the installation \nfolder. If the system in which the software is installed gets compromised, an attacker could exploit \nthis weakness and replace the legitimate DLL with a malicious file. \n\n\nThe EnerVista UR Setup software installation has been upgraded to address this vulnerability."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Enervista UR Setup DLL Hijacking",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide. \n\n\n\u003cbr\u003e\u003cbr\u003e\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches. \n\n\u003cbr\u003e"
                }
              ],
              "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide. \n\n\n\n\n\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
        "assignerShortName": "GE_Vernova",
        "cveId": "CVE-2026-1763",
        "datePublished": "2026-02-10T20:06:12.992Z",
        "dateReserved": "2026-02-02T14:36:45.715Z",
        "dateUpdated": "2026-03-04T18:40:04.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1762 (GCVE-0-2026-1762)

    Vulnerability from cvelistv5 – Published: 2026-02-10 20:06 – Updated: 2026-03-04 18:39
    VLAI
    Title
    Enervista UR Setup Directory Traversal Vulnerability
    Summary
    A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    GE Vernova Enervista Affected: 8.6 and prior versions (Linux)
    Create a notification for this product.
    Credits
    Reid Wightman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T20:34:57.688134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T20:37:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "UR Setup",
              "platforms": [
                "Windows"
              ],
              "product": "Enervista",
              "vendor": "GE Vernova",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.6 and prior versions",
                  "versionType": "Linux"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Reid Wightman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.\u003cp\u003eThis issue affects Enervista: 8.6 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T18:39:46.742Z",
            "orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
            "shortName": "GE_Vernova"
          },
          "references": [
            {
              "url": "https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/ges-2025-005.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \u003cbr\u003e\u003cbr\u003e\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870.\n\n\u003cbr\u003e"
                }
              ],
              "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \n\n\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Enervista UR Setup Directory Traversal Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches.\n\n \n\n\n\u003cbr\u003e"
                }
              ],
              "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
        "assignerShortName": "GE_Vernova",
        "cveId": "CVE-2026-1762",
        "datePublished": "2026-02-10T20:06:00.213Z",
        "dateReserved": "2026-02-02T14:36:44.351Z",
        "dateUpdated": "2026-03-04T18:39:46.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }