Primary

Context

GE Vernova EnerVista UR Setup Privilege Escalation Vulnerability Due to Hard-Coded Credentials

Vulnerability

A vulnerability allowing privilege escalation has been identified in GE Vernova EnerVista UR Setup version 8.42. This issue arises from the use of hard-coded credentials, which encrypt the local user database with a password that can be extracted by analyzing the application code.

Impact

Exploitation of this vulnerability allows an attacker to bypass authentication, potentially leading to unauthorized access or privileges within the application.

Remediation

Users are advised to update the EnerVista UR Setup software to the latest released version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GE Vernova EnerVista UR Setup Privilege Escalation Vulnerability Due to Hard-Coded Credentials

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating