Primary

Context

GE Vernova Smallworld Path Traversal Vulnerability Allowing Arbitrary File Manipulation

Vulnerability

A path traversal vulnerability has been identified in GE Vernova Smallworld Master File Server (SWMFS) versions through 5.3.5 on Windows and Linux. This vulnerability allows users to arbitrarily manipulate files on the server, including retrieving, modifying, uploading, or deleting critical files. The issue can only be exploited by users with knowledge of the system.

Impact

Exploitation of this vulnerability could lead to unauthorized file manipulation on the server, with potential to disrupt critical operations by altering or deleting essential files.

Remediation

GE Vernova has released a patch in SWMFS version 5.3.6. Users are advised to upgrade to this version and follow the Secure Deployment Guide instructions available in the Smallworld Documentation. To obtain the latest version, contact your local support representative at Customer Center.

Added: Nov 7, 2025, 5:22 PM

Updated: Nov 7, 2025, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GE Vernova Smallworld Path Traversal Vulnerability Allowing Arbitrary File Manipulation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating