CVE-2025-9038 (GCVE-0-2025-9038)

Vulnerability from cvelistv5 – Published: 2025-09-22 14:49 – Updated: 2025-09-24 13:31
VLAI?
Summary
Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.
Severity ?
7.5 (High)
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
GE Vernova S1 Agile Configuration Software Affected: 3.1 and previous version
Create a notification for this product.
Credits
Charit Misra from DNV, Netherlands
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-22T16:54:16.367027Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-22T17:26:59.035Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "S1 Agile Configuration Software",
          "vendor": "GE Vernova",
          "versions": [
            {
              "status": "affected",
              "version": "3.1 and previous version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Charit Misra from DNV, Netherlands"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T13:31:23.806Z",
        "orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
        "shortName": "GE_Vernova"
      },
      "references": [
        {
          "url": "https://www.gevernova.com/grid-solutions/sites/default/files/resources/products/support/ges-2025-001.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To resolve this issue and enhance security, during the S1 Agile application installation, we ensure \nonly privileged users can access various folders used by the S1 Agile application. This ensures \nthat S1 Agile files can not be edited or replaced by users without sufficient privileges on that \ncomputer. \u003cbr\u003e\u003cbr\u003e\nWe would like to assert that this attack, if successful, can give \u201cAdministrator\u201d privileges to the \nattacker on the computer, but the configured IEDs will not see any impact in their configuration or \nfunctionality. The RBAC (\u2018Role-Based Access Control\u2019) on the IED remains unimpacted. \n\n\u003cbr\u003e\u003cbr\u003e\n\nWe strongly recommend customers to upgrade to the latest software version available. \nSoftware version 3.1.1 is released for customer usage in January 2025. \n\n\u003cbr\u003e"
            }
          ],
          "value": "To resolve this issue and enhance security, during the S1 Agile application installation, we ensure \nonly privileged users can access various folders used by the S1 Agile application. This ensures \nthat S1 Agile files can not be edited or replaced by users without sufficient privileges on that \ncomputer. \n\n\nWe would like to assert that this attack, if successful, can give \u201cAdministrator\u201d privileges to the \nattacker on the computer, but the configured IEDs will not see any impact in their configuration or \nfunctionality. The RBAC (\u2018Role-Based Access Control\u2019) on the IED remains unimpacted. \n\n\n\n\n\nWe strongly recommend customers to upgrade to the latest software version available. \nSoftware version 3.1.1 is released for customer usage in January 2025."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "S1 Agile Privilege Escalation",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "As a workaround, GE Vernova recommends having sufficient security controls in place on the \nworkstation where S1 Agile software is installed. This will ensure the attacker\u2019s remote \nconnection to the computer is not feasible. Harden the computer on which S1 Agile is installed. \nThe product deployment guide can be used to understand the guidelines around how the product \ncan be deployed in the end user\u2019s environment. \n\n\u003cbr\u003e"
            }
          ],
          "value": "As a workaround, GE Vernova recommends having sufficient security controls in place on the \nworkstation where S1 Agile software is installed. This will ensure the attacker\u2019s remote \nconnection to the computer is not feasible. Harden the computer on which S1 Agile is installed. \nThe product deployment guide can be used to understand the guidelines around how the product \ncan be deployed in the end user\u2019s environment."
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.15"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
    "assignerShortName": "GE_Vernova",
    "cveId": "CVE-2025-9038",
    "datePublished": "2025-09-22T14:49:38.805Z",
    "dateReserved": "2025-08-14T13:30:30.722Z",
    "dateUpdated": "2025-09-24T13:31:23.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9038\",\"sourceIdentifier\":\"GEPowerCVD@ge.com\",\"published\":\"2025-09-22T15:15:40.423\",\"lastModified\":\"2025-09-22T21:22:33.590\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"GEPowerCVD@ge.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NEGLIGIBLE\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"GEPowerCVD@ge.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://www.gevernova.com/grid-solutions/sites/default/files/resources/products/support/ges-2025-001.pdf\",\"source\":\"GEPowerCVD@ge.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9038\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-22T16:54:16.367027Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-22T16:54:21.367Z\"}}], \"cna\": {\"title\": \"S1 Agile Privilege Escalation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Charit Misra from DNV, Netherlands\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.5, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GE Vernova\", \"product\": \"S1 Agile Configuration Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.1 and previous version\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"To resolve this issue and enhance security, during the S1 Agile application installation, we ensure \\nonly privileged users can access various folders used by the S1 Agile application. This ensures \\nthat S1 Agile files can not be edited or replaced by users without sufficient privileges on that \\ncomputer. \\n\\n\\nWe would like to assert that this attack, if successful, can give \\u201cAdministrator\\u201d privileges to the \\nattacker on the computer, but the configured IEDs will not see any impact in their configuration or \\nfunctionality. The RBAC (\\u2018Role-Based Access Control\\u2019) on the IED remains unimpacted. \\n\\n\\n\\n\\n\\nWe strongly recommend customers to upgrade to the latest software version available. \\nSoftware version 3.1.1 is released for customer usage in January 2025.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To resolve this issue and enhance security, during the S1 Agile application installation, we ensure \\nonly privileged users can access various folders used by the S1 Agile application. This ensures \\nthat S1 Agile files can not be edited or replaced by users without sufficient privileges on that \\ncomputer. \u003cbr\u003e\u003cbr\u003e\\nWe would like to assert that this attack, if successful, can give \\u201cAdministrator\\u201d privileges to the \\nattacker on the computer, but the configured IEDs will not see any impact in their configuration or \\nfunctionality. The RBAC (\\u2018Role-Based Access Control\\u2019) on the IED remains unimpacted. \\n\\n\u003cbr\u003e\u003cbr\u003e\\n\\nWe strongly recommend customers to upgrade to the latest software version available. \\nSoftware version 3.1.1 is released for customer usage in January 2025. \\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.gevernova.com/grid-solutions/sites/default/files/resources/products/support/ges-2025-001.pdf\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"As a workaround, GE Vernova recommends having sufficient security controls in place on the \\nworkstation where S1 Agile software is installed. This will ensure the attacker\\u2019s remote \\nconnection to the computer is not feasible. Harden the computer on which S1 Agile is installed. \\nThe product deployment guide can be used to understand the guidelines around how the product \\ncan be deployed in the end user\\u2019s environment.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"As a workaround, GE Vernova recommends having sufficient security controls in place on the \\nworkstation where S1 Agile software is installed. This will ensure the attacker\\u2019s remote \\nconnection to the computer is not feasible. Harden the computer on which S1 Agile is installed. \\nThe product deployment guide can be used to understand the guidelines around how the product \\ncan be deployed in the end user\\u2019s environment. \\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"cveClient/1.0.15\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"2cf0fb33-79e2-44e0-beb8-826cc5ce3250\", \"shortName\": \"GE_Vernova\", \"dateUpdated\": \"2025-09-24T13:31:23.806Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9038\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-24T13:31:23.806Z\", \"dateReserved\": \"2025-08-14T13:30:30.722Z\", \"assignerOrgId\": \"2cf0fb33-79e2-44e0-beb8-826cc5ce3250\", \"datePublished\": \"2025-09-22T14:49:38.805Z\", \"assignerShortName\": \"GE_Vernova\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.