
Critical Vulnerabilities in GE Vernova Enervista UR Setup Demand Immediate Patching

Source: INCIBE-CERT

Multiple high-severity flaws in GE Vernova's Enervista UR Setup software expose power utilities to remote attacks. CISA and INCIBE issue urgent advisories.

GE Vernova Enervista UR Setup Plagued by Multiple Critical Vulnerabilities

Madrid, Spain – February 18, 2026 – Security researchers have uncovered multiple high-severity vulnerabilities in GE Vernova’s Enervista UR Setup software, a widely used utility grid management tool. The flaws, disclosed by Spain’s INCIBE-CERT and CISA, could allow threat actors to execute remote attacks on critical power infrastructure.

Technical Details of the Vulnerabilities

While specific CVE IDs have not yet been publicly disclosed, the vulnerabilities are categorized as:

  • Improper Input Validation (CWE-20)
  • Path Traversal (CWE-22)
  • Insecure Deserialization (CWE-502)
  • Use of Hard-coded Credentials (CWE-798)

These flaws affect versions of Enervista UR Setup prior to 8.10. The software is used to configure and monitor Universal Relay (UR) protection devices in electrical substations. Exploitation could lead to unauthorized system access, data manipulation, or denial-of-service (DoS) conditions in operational technology (OT) environments.

Impact Analysis

The vulnerabilities pose a significant risk to power utilities, particularly in:

  • Electrical substations relying on GE Vernova’s UR devices
  • Industrial control systems (ICS) integrated with Enervista UR Setup
  • Critical infrastructure where remote access could disrupt grid operations

Successful exploitation could enable attackers to compromise relay settings, alter protection schemes, or disrupt power distribution, potentially leading to cascading failures in energy grids.

Recommended Actions for Security Teams

  1. Apply Patches Immediately – Upgrade to Enervista UR Setup v8.10 or later, as recommended by GE Vernova.
  2. Isolate Affected Systems – Restrict network access to vulnerable instances until patches are deployed.
  3. Monitor for Suspicious Activity – Implement OT-specific intrusion detection systems (IDS) to detect anomalous behavior.
  4. Review Access Controls – Audit user permissions and remove hard-coded credentials where possible.
  5. Follow CISA & INCIBE Guidance – Refer to official advisories (INCIBE-CERT, CISA) for mitigation strategies.
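To support step 1, the following added example (not taken from the advisory or from GE Vernova) triages a software inventory export against the fixed release 8.10. It assumes version strings are dot-separated integers compared component by component, and the CSV column names and hostnames are constructed for illustration; entries with a missing or unreadable version are reported separately instead of being treated as patched.

```python
import csv
import io
import re

FIXED = (8, 10)  # first fixed release named in the advisory: v8.10

def parse_version(text):
    """Turn '8.9', 'v8.10' or '8.10.1' into a tuple of ints; None if unreadable."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def needs_upgrade(text):
    """True if below FIXED, False if at or above, None if version is unknown.

    Comparing as floats or strings is wrong here: float('8.9') > float('8.10')
    and '8.9' > '8.10', so both would report 8.9 as already patched.
    Assumption: components are plain integers, so '8.1' is read as older
    than '8.10'; that errs toward flagging a host for review.
    """
    v = parse_version(text)
    if v is None:
        return None
    width = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))  # (8,) compares as (8, 0)
    return pad(v) < pad(FIXED)

def triage(inventory_csv):
    """Bucket hosts into 'upgrade', 'ok' and 'unknown' (never assume patched)."""
    result = {"upgrade": [], "ok": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = needs_upgrade(row.get("version"))
        key = "unknown" if verdict is None else ("upgrade" if verdict else "ok")
        result[key].append(row["host"])
    return result

# Constructed sample inventory; hostnames and version values are made up.
SAMPLE = """host,version
eng-ws-01,8.9
eng-ws-02,8.10
eng-ws-03,v7.32
eng-ws-04,8.1
eng-ws-05,
eng-ws-06,8.10.1
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

Hosts in the "unknown" bucket should be checked by hand and kept under the network restrictions from step 2 until their version is confirmed.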

Security teams in the energy sector are urged to prioritize patching and enhance monitoring to prevent potential exploitation of these critical flaws.
