GCVE - cpe:2.3:a:ge_vernova:enervista_ur_setup:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ge_vernova:enervista_ur_setup:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ge Vernova (`84209006-d500-5b6f-91b0-31e3fee316bc`)
Product	Enervista Ur Setup (`7d2e90d3-35a9-5821-8e6b-415bba643bd9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-27256`	vulnerable	2026-06-03 15:00:11.955683	Details available HIGH (8.3) Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network. Published: 2025-03-10T09:05:25.962Z Updated: 2025-03-12T11:10:35.187Z Open on db.gcve.eu Reference links https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76 https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27256	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-27255`	vulnerable	2026-06-03 15:00:11.955398	Details available HIGH (8) Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code. Published: 2025-03-10T09:05:17.222Z Updated: 2025-03-12T11:10:21.030Z Open on db.gcve.eu Reference links https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76 https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27255	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-27254`	vulnerable	2026-06-03 15:00:11.954896	Details available HIGH (8) CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. Published: 2025-03-10T09:05:08.963Z Updated: 2025-10-07T14:18:35.592Z Open on db.gcve.eu Reference links https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76 https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27254	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.