PatchSiren cyber security CVE debrief
CVE-2026-1762 GE Vernova CVE debrief
CVE-2026-1762 affects GE Vernova Enervista UR Setup versions prior to 8.70. CISA’s advisory says the installer can be abused for DLL hijacking when it is run from a location containing unknown or untrusted DLLs, which can result in code execution with administrative privileges. The practical risk is highest on systems used to deploy or maintain OT/ICS engineering software, especially where installers are staged in shared or writable locations. GE Vernova recommends upgrading to version 8.70 or later.
- Vendor: GE Vernova
- Product: Enervista UR Setup
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-17
- Original CVE updated: 2026-02-17
- Advisory published: 2026-02-17
- Advisory updated: 2026-02-17
Who should care
OT/ICS administrators, GE Vernova Enervista UR Setup users, workstation imaging and deployment teams, and anyone who runs the installer with elevated rights or from shared/writable directories.
Technical summary
The advisory describes a DLL hijacking weakness in the Enervista UR Setup installer for versions before 8.70. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a locally exploitable issue with low attack complexity and the potential for high confidentiality, integrity, and availability impact. The source material points to CWE-427 as a relevant weakness class, and the remediation is to use Enervista UR Setup 8.70 or later.
Defensive priority
High. This is an installer-time privilege escalation/code execution risk with a vendor patch available, so environments that deploy or maintain the software should prioritize upgrade and install-path hygiene.
Recommended defensive actions
- Upgrade GE Vernova Enervista UR Setup to version 8.70 or later.
- Do not run the installer from directories that contain unknown or untrusted DLLs.
- Stage installers only in trusted, controlled locations with restricted write access.
- Limit who can write to installation media, deployment shares, and working directories used for software installs.
- Use least privilege for installation workflows and only elevate when required.
- Apply CISA ICS recommended practices and related defense-in-depth guidance on systems that host or deploy OT software.
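A pre-install check for the two staging recommendations above, as an added example (not part of the CISA advisory or GE Vernova's guidance): it lists every DLL sitting beside an installer with its Authenticode status, and flags broad groups that can create files in the staging directory. The function name Test-InstallerStaging and the sample path in the final comment are assumptions.

```powershell
# Added example: hygiene check for an installer staging directory (CWE-427).
function Test-InstallerStaging {
    param([Parameter(Mandatory)][string]$InstallerPath)

    # ProviderPath also resolves cleanly for UNC deployment shares.
    $full = (Resolve-Path -LiteralPath $InstallerPath).ProviderPath
    $dir  = Split-Path -Parent $full
    $findings = @()

    # 1. Any DLL next to the installer could be picked up from the
    #    application directory, so report each one with its signature.
    foreach ($dll in Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        $findings += [pscustomobject]@{
            Check  = 'DllBesideInstaller'
            Item   = $dll.FullName
            Detail = "Signature: $($sig.Status); Signer: $signer"
        }
    }

    # 2. Broad principals that can create files in the directory could
    #    plant a DLL before an administrator runs the installer.
    #    SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $createBits = 0x2 -bor 0x4   # CreateFiles (WriteData), AppendData
    $inheritOnly = 0x2           # PropagationFlags.InheritOnly
    $acl = Get-Acl -LiteralPath $dir
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $appliesHere = ([int]$rule.PropagationFlags -band $inheritOnly) -eq 0
        $canCreate   = ([int]$rule.FileSystemRights -band $createBits) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $appliesHere -and
            $canCreate -and ($broad -contains $rule.IdentityReference.Value)) {
            $findings += [pscustomobject]@{
                Check  = 'BroadWriteAccess'
                Item   = $dir
                Detail = "$($rule.IdentityReference.Value) has $($rule.FileSystemRights)"
            }
        }
    }
    return $findings
}

# Constructed sample path; replace with your own staging location:
# Test-InstallerStaging -InstallerPath 'D:\Staging\installer.exe' | Format-List
```

An empty result means no DLLs sit beside the installer and none of the three broad groups can create files there; it does not cover write access granted to other accounts or groups.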
Evidence notes
The supplied CISA CSAF advisory (ICSA-26-048-03) states that Enervista UR Setup versions prior to 8.70 are vulnerable to DLL hijacking and that an attacker could obtain code execution with administrative privileges when the installer is run in a location with unknown or untrusted DLLs. The advisory’s remediation section recommends version 8.70 or later. The CVSS vector supplied in the source is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The provided corpus also includes official references to the CISA advisory, the CVE record, the GE Vernova remediation page, and CISA ICS guidance resources.
Official resources
- CVE-2026-1762 CVE record (CVE.org)
- CVE-2026-1762 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA on 2026-02-17 as ICSA-26-048-03. The supplied advisory identifies affected versions prior to 8.70 and recommends upgrading to 8.70 or later.