CVE-2026-1763 GE Vernova CVE debrief

Who should care

OT/ICS administrators, GE Vernova Enervista UR Setup users, engineering workstation owners, and support teams that handle firmware update files for affected systems.

Technical summary

The advisory describes a directory traversal weakness in Enervista UR Setup when opening certain firmware update files. According to the supplied CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N), exploitation requires local access and low privileges, with no user interaction, and can result in low integrity impact through unintended file writes. The fix target in the advisory is version 8.70 or later.

Defensive priority

Low severity, but patch soon in affected environments because the issue can write files with logged-in-user privileges on an engineering/OT workstation.

Recommended defensive actions

• Upgrade GE Vernova Enervista UR Setup to version 8.70 or later.
• Restrict access to affected engineering workstations and firmware-update workflows to trusted users only.
• Review file-write and integrity-monitoring controls on endpoints that open vendor firmware update files.
• Back up affected systems and verify recovery procedures before maintenance or update operations.
• Apply CISA ICS recommended practices and defense-in-depth guidance for OT environments.

Evidence notes

Source evidence comes from CISA advisory ICSA-26-048-03 (published 2026-02-17) and the machine-readable CSAF record for CVE-2026-1763. The advisory states that versions prior to 8.70 are vulnerable and that the issue can allow file writes with the privileges of the logged-in user. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, consistent with a local, low-privilege impact. No KEV entry or active exploitation details were supplied in the corpus. The vendor metadata in the enrichment section is marked low-confidence/needs review, but the source advisory itself identifies GE Vernova Enervista UR Setup.

Official resources