CVE-2026-1762
File Manipulation Vulnerability in GE Vernova Enervista UR Setup
Publication date: 2026-02-10
Last updated on: 2026-03-04
Assigner: General Electric (Gas Power)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ge | enervista | to 8.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GE Vernova Enervista UR Setup on Windows, specifically affecting version 8.6 and earlier. It allows for file manipulation, which means an attacker with certain privileges could potentially alter files within the affected software.
How can this vulnerability impact me? :
The impact of this vulnerability is limited due to its low CVSS base score of 2.9. It requires physical access (AV:P), low attack complexity (AC:L), and high privileges (PR:H) without user interaction (UI:N). The vulnerability does not affect confidentiality but can impact integrity and availability to a limited extent.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know