PT-2025-10564 · Ge · Ge Vernova Ur Ied

Diego Giubertoni

Published

2025-03-10

Updated

2025-10-07

CVE-2025-27253

CVSS v3.1

6.1

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions GE Vernova UR IED family devices versions 7.0 through 8.60

Description The issue is related to improper input validation, which allows an attacker to establish a TCP connection through port forwarding. This lack of validation for IP addresses and ports may enable the attacker to bypass firewall rules or send malicious traffic within the network.

Recommendations For GE Vernova UR IED family devices versions 7.0 through 8.60, consider restricting access to the port forwarding feature until a proper fix is applied, and ensure that all incoming and outgoing traffic is thoroughly validated to prevent malicious connections.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-15CWE-20

Related Identifiers

BDU:2025-07184

CVE-2025-27253

Affected Products

Ge Vernova Ur Ied

PT-2025-10564 · Ge · Ge Vernova Ur Ied

CVE-2025-27253

Weakness Enumeration

Related Identifiers

Affected Products

References · 11