Critical Vulnerability Information Vulnerability Overview Affected Product: GE Vernova’s WorkstationST – EGD Configuration Server Disclosing Researchers: Ricardo Pelaz Garcia and Roberto Garcia Hervás of Innotec Security, part of Accenture CVE ID: CVE-2025-3223 Affected Products and Versions Affected Versions: WorkstationST V07.10.10C and earlier versions Vulnerability Details Note: The adjusted scores are environmental scores calculated based on compensating controls in customer environments and overall system impact. Exploitation Status GE Vernova has not observed or received any reports of Gas Power customer equipment being compromised due to these vulnerabilities. Mitigation/Workarounds (Gas Power Customers) The path traversal issue has been resolved in WorkstationST V08.00, V07.10.11C, and V07.09.33C. Customers should update their WorkstationST installation to one of these versions. Mitigation/Workarounds (Wind Customers) The path traversal issue has been resolved in WorkstationST V07.10.11C or later, as well as in V07.09.33C. Customers should update or upgrade their Workstation to one of these versions.