Primary

Context

GE Vernova UR IED Family Improper Input Validation Vulnerability Allowing TCP Port Forwarding

Vulnerability

A vulnerability exists in GE Vernova UR IED family devices, specifically in versions 7.0 prior to 8.60, due to improper input validation. This flaw enables an attacker to establish a TCP connection through port forwarding by exploiting the lack of validation on IP addresses and ports. As a result, attackers may bypass firewall rules or introduce malicious traffic into the network.

Impact

Exploitation of this vulnerability could lead to bypassing firewall rules or sending malicious traffic over the network.

Remediation

Users are advised to update the firmware of affected devices to the latest version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GE Vernova UR IED Family Improper Input Validation Vulnerability Allowing TCP Port Forwarding

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating