Primary

Context

GE Vernova EnerVista UR Setup Missing Authentication Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in the GE Vernova EnerVista UR Setup application, specifically versions 7.0 through 8.60. This vulnerability allows authentication bypass due to the absence of SSH server authentication. As a result, an attacker could exploit this flaw to perform a man-in-the-middle attack on the network, potentially intercepting credentials or injecting malicious traffic.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle attack, allowing interception of credentials or injection of malicious traffic.

Remediation

Users are advised to update the EnerVista UR Setup software to the latest version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

4.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

4.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GE Vernova EnerVista UR Setup Missing Authentication Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating