GE Vernova Enervista UR Setup

Priority: Plan Patch
CVSS: 7.8
ICS-CERT: ICSA-26-048-03
Published: Feb 17, 2026
Vendor: GE Vernova
Sectors: Energy, Manufacturing, Water
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

GE Vernova Enervista UR Setup versions below 8.70 contain improper input validation and path traversal flaws (CWE-427, CWE-35) that allow code execution with elevated privileges. Successful exploitation requires local access with unprivileged user credentials on a workstation running the affected software. The vendor has released a fix in version 8.70 or later.

What this means
What could happen
An attacker with local access to a workstation running Enervista UR Setup could execute arbitrary code with elevated privileges, potentially gaining control of grid automation configuration and modifying power distribution settings or setpoints.
Who's at risk
This affects energy utilities and water authorities that use GE Vernova Enervista UR Setup for grid automation configuration. Engineering workstations and configuration servers running the affected software versions are at risk.
How it could be exploited
An attacker with local user credentials on a workstation running vulnerable Enervista UR Setup could exploit an improper input validation or path traversal flaw to execute arbitrary code with administrator privileges. This could allow modification of grid automation logic or bypass of control system settings.
Prerequisites
  • Local access to a workstation running Enervista UR Setup
  • Valid unprivileged user account on the workstation
  • Enervista UR Setup version below 8.70 installed
  • Requires local access (not remotely exploitable)
  • Requires valid user credentials
  • Low complexity attack
  • Allows code execution with elevated privileges
  • No public exploit reports
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
Enervista UR Setup: <8.70 | <8.70 | 8.70+
Remediation & Mitigation
Do now
HARDENING: Restrict local workstation access to authorized engineering personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Enervista UR Setup to version 8.70 or later
HARDENING: Isolate workstations running Enervista UR Setup from business networks and the internet