CVE-2026-1762 (GCVE-0-2026-1762)

Vulnerability from cvelistv5 – Published: 2026-02-10 20:06 – Updated: 2026-02-10 20:37
VLAI?
Title
Enervista UR Setup Directory Traversal Vulnerability
Summary
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
Severity ?
2.9 (Low)
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
GE Vernova Enervista Affected: 8.6 and prior versions (Linux)
Create a notification for this product.
Credits
Reid Wightman
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1762",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T20:34:57.688134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T20:37:25.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "UR Setup",
          "platforms": [
            "Windows"
          ],
          "product": "Enervista",
          "vendor": "GE Vernova",
          "versions": [
            {
              "status": "affected",
              "version": "8.6 and prior versions",
              "versionType": "Linux"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Reid Wightman"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.\u003cp\u003eThis issue affects Enervista: 8.6 and prior versions.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T20:06:00.213Z",
        "orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
        "shortName": "GE_Vernova"
      },
      "references": [
        {
          "url": "https://www.gevernova.com/grid-solutions/resources?prod=urfamily\u0026type=21\u0026node_id=4987\u0026check_logged_in=1"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \u003cbr\u003e\u003cbr\u003e\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870.\n\n\u003cbr\u003e"
            }
          ],
          "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \n\n\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Enervista UR Setup Directory Traversal Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches.\n\n \n\n\n\u003cbr\u003e"
            }
          ],
          "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
    "assignerShortName": "GE_Vernova",
    "cveId": "CVE-2026-1762",
    "datePublished": "2026-02-10T20:06:00.213Z",
    "dateReserved": "2026-02-02T14:36:44.351Z",
    "dateUpdated": "2026-02-10T20:37:25.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-1762\",\"sourceIdentifier\":\"GEPowerCVD@ge.com\",\"published\":\"2026-02-10T20:16:52.940\",\"lastModified\":\"2026-02-10T21:51:48.077\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"GEPowerCVD@ge.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.3,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"GEPowerCVD@ge.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-23\"}]}],\"references\":[{\"url\":\"https://www.gevernova.com/grid-solutions/resources?prod=urfamily\u0026type=21\u0026node_id=4987\u0026check_logged_in=1\",\"source\":\"GEPowerCVD@ge.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1762\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-10T20:34:57.688134Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-10T20:37:20.530Z\"}}], \"cna\": {\"title\": \"Enervista UR Setup Directory Traversal Vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Reid Wightman\"}], \"impacts\": [{\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.9, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GE Vernova\", \"product\": \"Enervista\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.6 and prior versions\", \"versionType\": \"Linux\"}], \"platforms\": [\"Windows\"], \"packageName\": \"UR Setup\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"We strongly recommend that users with impacted firmware versions update their UR devices to UR \\nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \\nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \\n\\n\\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \\nindependently of upgrading their UR IED to FW v870.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"We strongly recommend that users with impacted firmware versions update their UR devices to UR \\nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \\nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \u003cbr\u003e\u003cbr\u003e\\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \\nindependently of upgrading their UR IED to FW v870.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.gevernova.com/grid-solutions/resources?prod=urfamily\u0026type=21\u0026node_id=4987\u0026check_logged_in=1\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \\nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \\nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \\nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \\nother mitigation techniques in place. Please refer to the product secure deployment guide.\\n\\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \\nassessments and prompt application of security patches.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \\nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \\nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \\nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \\nother mitigation techniques in place. Please refer to the product secure deployment guide.\\n\\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \\nassessments and prompt application of security patches.\\n\\n \\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.\u003cp\u003eThis issue affects Enervista: 8.6 and prior versions.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-23\", \"description\": \"CWE-23\"}]}], \"providerMetadata\": {\"orgId\": \"2cf0fb33-79e2-44e0-beb8-826cc5ce3250\", \"shortName\": \"GE_Vernova\", \"dateUpdated\": \"2026-02-10T20:06:00.213Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-1762\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-10T20:37:25.289Z\", \"dateReserved\": \"2026-02-02T14:36:44.351Z\", \"assignerOrgId\": \"2cf0fb33-79e2-44e0-beb8-826cc5ce3250\", \"datePublished\": \"2026-02-10T20:06:00.213Z\", \"assignerShortName\": \"GE_Vernova\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.