GE Vernova Enervista UR Setup

Summary

Successful exploitation of these vulnerabilities may allow code execution with elevated privileges.

The following versions of GE Vernova Enervista UR Setup are affected:

Enervista UR Setup <8.70 (CVE-2026-1762, CVE-2026-1763)

CVSS	Vendor	Equipment	Vulnerabilities
v3 7.8	GE Vernova	GE Vernova Enervista UR Setup	Uncontrolled Search Path Element, Path Traversal: ‘…/…//’

Background

Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States

Vulnerabilities

Expand All +

CVE-2026-1762

The GE Vernova Enervista UR Setup Installer for versions prior to 8.70 are vulnerable to DLL hijacking. When running the installer in a location with unknown or untrusted DLLs, an attacker could obtain code execution with administrative privileges.

View CVE Details

Affected Products

GE Vernova Enervista UR Setup

Vendor:
GE Vernova

Product Version:
GE Vernova Enervista UR Setup: <8.70

Product Status:
known_affected

Remediations

Vendor fix
GE Vernova recommends affected users to use patched versions of Enervista UR Setup: Versions 8.70 or later (https://www.gevernova.com/grid-solutions/resources?prod=urfamily&type=7).
https://www.gevernova.com/grid-solutions/resources?prod=urfamily&type=7

Relevant CWE: CWE-427 Uncontrolled Search Path Element

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-1763

GE Vernova Enervista UR Setup versions prior to 8.70 are vulnerable to directory traversal when opening certain firmware update files. This could allow an attacker to write to some files on the filesystem with the privileges of the logged-in user.

View CVE Details

Affected Products

GE Vernova Enervista UR Setup

Vendor:
GE Vernova

Product Version:
GE Vernova Enervista UR Setup: <8.70

Product Status:
known_affected

Remediations

Relevant CWE: CWE-35 Path Traversal: ‘…/…//’

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	3.3	LOW	This article has been indexed from All CISA Advisories Read the original article: GE Vernova Enervista UR Setup Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: All CISA Advisories EN Post navigation ← Siemens Simcenter Femap and Nastran Honeywell CCTV Products → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Telegram Channel Recent Posts IT Security News Hourly Summary 2026-02-17 21h : 10 posts February 17, 2026 SmartLoader hackers clone Oura MCP project to spread StealC malware February 17, 2026 A New Denial-of-Service Vector in React Server Components February 17, 2026 Securing the Software Supply Chain: A Federal Imperative for 2026 February 17, 2026 Chrome “preloading” could be leaking your data and causing problems in Browser Guard February 17, 2026 From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day February 17, 2026 Building an AI-Ready Cybersecurity Team February 17, 2026 Chrome “preloading” could be leaking your data and causing problems in Browser Guard February 17, 2026 SecOps Automation for Scalable AI Security Workflows February 17, 2026 Unify now or pay later: New research exposes the operational cost of a fragmented SOC February 17, 2026 Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies February 17, 2026 Delta Electronics ASDA-Soft February 17, 2026 Honeywell CCTV Products February 17, 2026 GE Vernova Enervista UR Setup February 17, 2026 Siemens Simcenter Femap and Nastran February 17, 2026 QR Codes Used to Spread Phishing Attacks and Malicious Apps Across Mobile Devices February 17, 2026 How CISOs Can Prevent Incidents with the Right Threat Intelligence February 17, 2026 From Super Bowl to World Cup: How Akamai Delivers the Perfect Event February 17, 2026 Infostealers Target OpenClaw AI Configuration Files February 17, 2026 Inspector Satellites and Orbital Security Risks in Modern Space Infrastructure February 17, 2026 Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}

Summary

Background

Vulnerabilities

CVE-2026-1762

Affected Products

GE Vernova Enervista UR Setup

Remediations

Metrics

CVE-2026-1763

Affected Products

GE Vernova Enervista UR Setup

Remediations

Metrics

Read the original article:

Share this:

Like this:

Related

Post navigation