GE Vernova Enervista UR Setup
Summary
GE Vernova Enervista UR Setup versions prior to 8.70 are vulnerable to code execution with elevated privileges due to uncontrolled search path element and path traversal vulnerabilities. Successful exploitation could allow attackers to execute code with administrative privileges.
IFF Assessment
Exploitation of these vulnerabilities allows for code execution with elevated privileges, which is harmful to defenders.
Severity
Defender Context
These vulnerabilities affect critical infrastructure sectors, including critical manufacturing, energy, and water/wastewater. Defenders should prioritize patching to version 8.70 or later and monitor systems for suspicious activity related to DLL hijacking or unusual file path access. The vulnerability exists due to improper handling of search paths and path traversal, which are common attack vectors in software.