Описание
Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed.
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed.
Уязвимость электронных устройств GE Vernova Intelligent Electronic Device (IED) серии Universal Relay (UR), связанная с недостаточной проверкой подлинности данных, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
6.1 Medium
CVSS3