GE Vernova Enervista UR Setup
Plan Patch · 7.8 · ICS-CERT ICSA-26-048-03 · Feb 17, 2026
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
GE Vernova Enervista UR Setup versions prior to 8.70 contain code execution vulnerabilities (CWE-427, CWE-35) that allow an attacker with local access to the setup workstation to execute arbitrary code with elevated privileges. Exploitation requires local access; remote exploitation is not possible. Successful exploitation could allow unauthorized modification of UR device configurations, control parameters, or firmware.
What this means
What could happen
An attacker with local access to the setup workstation could run arbitrary code with elevated privileges, potentially modifying Enervista UR device configurations, control logic, or firmware. This could disrupt grid operations or alter power distribution settings.
Who's at risk
Energy sector operators managing GE Vernova Enervista UR devices (substation automation, power distribution, renewable energy integration controllers) are affected. Any organization using an Enervista UR Setup version earlier than 8.70 for device configuration and management should prioritize this patch. Water and manufacturing utilities using similar distribution automation equipment are also potentially impacted.
How it could be exploited
An attacker must first gain local access to the Enervista UR Setup workstation (physical or remote desktop/SSH). Once authenticated or with physical access to the system, the attacker can exploit code execution vulnerabilities to escalate privileges and execute arbitrary commands or code, allowing them to modify UR device settings or parameters without authorization.
Prerequisites
- Local access to the Enervista UR Setup workstation (physical console, RDP, SSH, or similar remote desktop protocol)
- User-level credentials on the setup workstation or ability to interact with the system interface
- Enervista UR Setup version prior to 8.70

No authentication required beyond local/physical access · Low complexity exploitation · Privilege escalation to elevated level · No patch available for versions before 8.70 · Affects critical energy infrastructure
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Enervista UR Setup: <8.70 | <8.70 | 8.70 or later
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to Enervista UR Setup workstations; do not allow direct access from untrusted networks or the internet
- HARDENING: Isolate Enervista UR Setup and UR devices on a separate control system network behind firewalls, with no direct access from business networks
- HARDENING: If remote access to setup workstations is required, use VPN with strong authentication; ensure VPN software is kept current
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Enervista UR Setup to version 8.70 or later
CVEs (2)