{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1762", "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "state": "PUBLISHED", "assignerShortName": "GE_Vernova", "dateReserved": "2026-02-02T14:36:44.351Z", "datePublished": "2026-02-10T20:06:00.213Z", "dateUpdated": "2026-02-10T20:37:25.289Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "UR Setup", "platforms": ["Windows"], "product": "Enervista", "vendor": "GE Vernova", "versions": [{"status": "affected", "version": "8.6 and prior versions", "versionType": "Linux"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Reid Wightman"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.<p>This issue affects Enervista: 8.6 and prior versions.</p>"}], "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions."}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "shortName": "GE_Vernova", "dateUpdated": "2026-02-10T20:06:00.213Z"}, "references": [{"url": "https://www.gevernova.com/grid-solutions/resources?prod=urfamily&type=21&node_id=4987&check_logged_in=1"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. <br><br>\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870.\n\n<br>"}], "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \n\n\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870."}], "source": {"discovery": "UNKNOWN"}, "title": "Enervista UR Setup Directory Traversal Vulnerability", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches.\n\n \n\n\n<br>"}], "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T20:34:57.688134Z", "id": "CVE-2026-1762", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T20:37:25.289Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1762", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T20:34:57.688134Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T20:37:20.530Z"}}], "cna": {"title": "Enervista UR Setup Directory Traversal Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Reid Wightman"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GE Vernova", "product": "Enervista", "versions": [{"status": "affected", "version": "8.6 and prior versions", "versionType": "Linux"}], "platforms": ["Windows"], "packageName": "UR Setup", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. \n\n\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870.", "supportingMedia": [{"type": "text/html", "value": "We strongly recommend that users with impacted firmware versions update their UR devices to UR \nfirmware version 8.70, released in November 2025, to resolve these vulnerabilities. We also recommend \nupgrading the EnerVista UR Setup configuration tool to version 8.70 or greater. <br><br>\nEnervista UR Setup software is backward compatible, users can upgrade it to version 8.70, \nindependently of upgrading their UR IED to FW v870.\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.gevernova.com/grid-solutions/resources?prod=urfamily&type=21&node_id=4987&check_logged_in=1"}], "workarounds": [{"lang": "en", "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches.", "supportingMedia": [{"type": "text/html", "value": "As a workaround, GE Vernova recommends having secure infrastructure in place, which can protect the \nsystem. We also recommend that customers protect their digital devices using a defense-in-depth \nstrategy. This includes, but is not limited to, placing digital devices inside the control system network \nsecurity perimeter, access controls, robust network monitoring (such as Intrusion Detection System) and \nother mitigation techniques in place. Please refer to the product secure deployment guide.\n\nIt is essential for organizations to prioritize cybersecurity measures, including regular vulnerability \nassessments and prompt application of security patches.\n\n \n\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.<p>This issue affects Enervista: 8.6 and prior versions.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23"}]}], "providerMetadata": {"orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "shortName": "GE_Vernova", "dateUpdated": "2026-02-10T20:06:00.213Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1762", "state": "PUBLISHED", "dateUpdated": "2026-02-10T20:37:25.289Z", "dateReserved": "2026-02-02T14:36:44.351Z", "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "datePublished": "2026-02-10T20:06:00.213Z", "assignerShortName": "GE_Vernova"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions."}], "id": "CVE-2026-1762", "lastModified": "2026-02-10T21:51:48.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 2.5, "source": "GEPowerCVD@ge.com", "type": "Secondary"}]}, "published": "2026-02-10T20:16:52.940", "references": [{"source": "GEPowerCVD@ge.com", "url": "https://www.gevernova.com/grid-solutions/resources?prod=urfamily&type=21&node_id=4987&check_logged_in=1"}], "sourceIdentifier": "GEPowerCVD@ge.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "GEPowerCVD@ge.com", "type": "Secondary"}]}

{}

{}