CVE-2025-27257

MEDIUM Year: 2025
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed.

Related Vulnerabilities

CVE-2022-26579

MEDIUM
CVSS:6.0(Medium)

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privile...

CWE-3452022

CVE-2025-27735

MEDIUM
CVSS:6.0(Medium)

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

CWE-3452025

CVE-2019-5229

MEDIUM
CVSS:6.2(Medium)

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker sh...

CWE-3452019

CVE-2019-5246

MEDIUM
CVSS:6.2(Medium)

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(...

CWE-3452019

CVE-2015-8254

MEDIUM
CVSS:5.9(Medium)

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) ...

CWE-3452015

CVE-2019-16007

MEDIUM
CVSS:5.9(Medium)

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affect...

CWE-3452019