PT-2025-10568 · Ge · Ge Vernova Ur Ied+1

Diego Giubertoni

Published

2025-03-10

Updated

2025-03-12

CVE-2025-27257

CVSS v3.1

6.1

Medium

Vector

AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions GE Vernova UR IED family devices (affected versions not specified)

Description The issue concerns an Insufficient Verification of Data Authenticity, which enables an authenticated user to install modified firmware. This is possible because firmware signature verification is only enforced on the client-side by the dedicated software Enervista UR Setup, allowing the integration check to be bypassed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

BDU:2025-07188

CVE-2025-27257

Affected Products

Enervista Ur Setup

Ge Vernova Ur Ied

PT-2025-10568 · Ge · Ge Vernova Ur Ied+1

CVE-2025-27257

Weakness Enumeration

Related Identifiers

Affected Products

References · 11