PT-2025-10567 · Ge · Ge Vernova Enervista Ur Setup

Diego Giubertoni

Published

2025-03-10

Updated

2025-03-15

CVE-2025-27256

CVSS v3.1

8.3

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions GE Vernova Enervista UR Setup (affected versions not specified)

Description The issue concerns a Missing Authentication for Critical Function vulnerability. It allows for Authentication Bypass due to a missing SSH server authentication, enabling an attacker to potentially perform a man-in-the-middle attack on the network.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2025-07185

CVE-2025-27256

Affected Products

Ge Vernova Enervista Ur Setup

PT-2025-10567 · Ge · Ge Vernova Enervista Ur Setup

CVE-2025-27256

Weakness Enumeration

Related Identifiers

Affected Products

References · 17