Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

EnerVista UR Setup

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-27256
Assigner-Nozomi Networks Inc.
ShareView Details
Assigner-Nozomi Networks Inc.
CVSS Score-8.3||HIGH
EPSS-0.04% / 11.21%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 09:05
Updated-12 Mar, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network.

Action-Not Available
Vendor-GE Vernova
Product-EnerVista UR Setup
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-27255
Assigner-Nozomi Networks Inc.
ShareView Details
Assigner-Nozomi Networks Inc.
CVSS Score-8||HIGH
EPSS-0.02% / 4.51%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 09:05
Updated-12 Mar, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.

Action-Not Available
Vendor-GE Vernova
Product-EnerVista UR Setup
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-27254
Assigner-Nozomi Networks Inc.
ShareView Details
Assigner-Nozomi Networks Inc.
CVSS Score-8||HIGH
EPSS-0.03% / 7.91%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 09:05
Updated-12 Mar, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass.  The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.

Action-Not Available
Vendor-GE Vernova
Product-EnerVista UR Setup
CWE ID-CWE-287
Improper Authentication