CVE Record: CVE-2025-27257

Required CVE Record Information

Description

Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed.

CWE 1 Total

Learn more

CWE-345: CWE-345 Insufficient Verification of Data Authenticity

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
6.1	MEDIUM	3.1	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

References 2 Total

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Nozomi Networks Inc.

Description

CWE 1 Total

CVSS 1 Total

Product Status

References 2 Total

Authorized Data Publishers

CISA-ADP