GE Vernova UR IED Family Insufficient Data Authenticity Verification Vulnerability Allowing Unauthorized Firmware Installation

Vulnerability

The GE Vernova UR IED family of devices, versions 7.0 through 8.60, does not sufficiently verify data authenticity, which allows an authenticated user to install modified firmware. Firmware signature verification is enforced only on the client side, in the Enervista UR Setup software, so the integrity check can be bypassed.
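The design flaw described above can be modeled in a few lines. This is an added example, not GE Vernova or Enervista code: the class and function names, the toy RSA key and the image bytes are all constructed for illustration. It contrasts a device that relies on the setup client to verify the signature with one that verifies before installing.

```python
import hashlib

# Toy RSA key from two Mersenne primes: constructed for illustration, NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor signing key; never stored on the device

def digest(image: bytes) -> int:
    """SHA-256 of the image reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N

def vendor_sign(image: bytes) -> int:
    return pow(digest(image), D, N)

def signature_ok(image: bytes, sig: int) -> bool:
    """Public-key check: needs only N and E, so a device can run it."""
    return pow(sig, E, N) == digest(image)

class ClientCheckedDevice:
    """Flawed design: the device installs whatever it receives."""
    def __init__(self):
        self.installed = None

    def upload(self, image: bytes, sig: int) -> bool:
        self.installed = image
        return True

class DeviceCheckedDevice(ClientCheckedDevice):
    """Hardened design: the device verifies before installing."""
    def upload(self, image: bytes, sig: int) -> bool:
        return signature_ok(image, sig) and super().upload(image, sig)

def setup_tool_install(device, image: bytes, sig: int) -> bool:
    """Hypothetical setup client: verifies the signature, then uploads."""
    return signature_ok(image, sig) and device.upload(image, sig)

GOOD = b"constructed firmware image v1"   # constructed sample data
SIG = vendor_sign(GOOD)
ALTERED = GOOD + b" (altered)"

if __name__ == "__main__":
    for dev in (ClientCheckedDevice(), DeviceCheckedDevice()):
        accepted = dev.upload(ALTERED, SIG)  # request that skips the setup client
        print(type(dev).__name__, "accepted altered image:", accepted)
```

The setup client rejects the altered image in both cases; only the device-side check holds when the upload does not pass through that client.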

Impact

Exploitation of this vulnerability allows an authenticated user to install malicious firmware on the affected device, potentially leading to unauthorized modifications or functionality changes.

Remediation

Users are advised to update the firmware of affected devices to the latest released version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.