github - ghsa-qv9v-x5p8-5h5p

GHSA-QV9V-X5P8-5H5P

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30

Details

Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.

Severity ?

7.5 (High)


                  
                    CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-9038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-22T15:15:40Z",
    "severity": "HIGH"
  },
  "details": "Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.",
  "id": "GHSA-qv9v-x5p8-5h5p",
  "modified": "2025-09-22T21:30:21Z",
  "published": "2025-09-22T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9038"
    },
    {
      "type": "WEB",
      "url": "https://www.gevernova.com/grid-solutions/sites/default/files/resources/products/support/ges-2025-001.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-9038 (GCVE-0-2025-9038)

Vulnerability from cvelistv5 – Published: 2025-09-22 14:49 – Updated: 2025-09-24 13:31

Summary

Severity ?

7.5 (High)


                        
                          CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N

CWE

CWE-269 - Improper Privilege Management

Assigner

GE_Vernova

References

URL

Tags

https://www.gevernova.com/grid-solutions/sites/de…

Impacted products

	Vendor	Product	Version
	GE Vernova	S1 Agile Configuration Software	Affected: 3.1 and previous version

Credits

Charit Misra from DNV, Netherlands

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-22T16:54:16.367027Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-22T17:26:59.035Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "S1 Agile Configuration Software",
          "vendor": "GE Vernova",
          "versions": [
            {
              "status": "affected",
              "version": "3.1 and previous version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Charit Misra from DNV, Netherlands"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T13:31:23.806Z",
        "orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
        "shortName": "GE_Vernova"
      },
      "references": [
        {
          "url": "https://www.gevernova.com/grid-solutions/sites/default/files/resources/products/support/ges-2025-001.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To resolve this issue and enhance security, during the S1 Agile application installation, we ensure \nonly privileged users can access various folders used by the S1 Agile application. This ensures \nthat S1 Agile files can not be edited or replaced by users without sufficient privileges on that \ncomputer. \u003cbr\u003e\u003cbr\u003e\nWe would like to assert that this attack, if successful, can give \u201cAdministrator\u201d privileges to the \nattacker on the computer, but the configured IEDs will not see any impact in their configuration or \nfunctionality. The RBAC (\u2018Role-Based Access Control\u2019) on the IED remains unimpacted. \n\n\u003cbr\u003e\u003cbr\u003e\n\nWe strongly recommend customers to upgrade to the latest software version available. \nSoftware version 3.1.1 is released for customer usage in January 2025. \n\n\u003cbr\u003e"
            }
          ],
          "value": "To resolve this issue and enhance security, during the S1 Agile application installation, we ensure \nonly privileged users can access various folders used by the S1 Agile application. This ensures \nthat S1 Agile files can not be edited or replaced by users without sufficient privileges on that \ncomputer. \n\n\nWe would like to assert that this attack, if successful, can give \u201cAdministrator\u201d privileges to the \nattacker on the computer, but the configured IEDs will not see any impact in their configuration or \nfunctionality. The RBAC (\u2018Role-Based Access Control\u2019) on the IED remains unimpacted. \n\n\n\n\n\nWe strongly recommend customers to upgrade to the latest software version available. \nSoftware version 3.1.1 is released for customer usage in January 2025."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "S1 Agile Privilege Escalation",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "As a workaround, GE Vernova recommends having sufficient security controls in place on the \nworkstation where S1 Agile software is installed. This will ensure the attacker\u2019s remote \nconnection to the computer is not feasible. Harden the computer on which S1 Agile is installed. \nThe product deployment guide can be used to understand the guidelines around how the product \ncan be deployed in the end user\u2019s environment. \n\n\u003cbr\u003e"
            }
          ],
          "value": "As a workaround, GE Vernova recommends having sufficient security controls in place on the \nworkstation where S1 Agile software is installed. This will ensure the attacker\u2019s remote \nconnection to the computer is not feasible. Harden the computer on which S1 Agile is installed. \nThe product deployment guide can be used to understand the guidelines around how the product \ncan be deployed in the end user\u2019s environment."
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.15"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
    "assignerShortName": "GE_Vernova",
    "cveId": "CVE-2025-9038",
    "datePublished": "2025-09-22T14:49:38.805Z",
    "dateReserved": "2025-08-14T13:30:30.722Z",
    "dateUpdated": "2025-09-24T13:31:23.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-QV9V-X5P8-5H5P

CVE-2025-9038 (GCVE-0-2025-9038)

Tags

Sightings

Nomenclature