Vulnerabilites related to ge - sd2_firmware
CVE-2022-24118 (GCVE-0-2022-24118)
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-11 23:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T23:50:46.119967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T23:53:21.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24118",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2022-01-28T00:00:00.000Z",
"dateUpdated": "2025-04-11T23:53:21.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24119 (GCVE-0-2022-24119)
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-11 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T23:32:16.786639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T23:41:26.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24119",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2022-01-28T00:00:00.000Z",
"dateUpdated": "2025-04-11T23:41:26.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24120 (GCVE-0-2022-24120)
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-11 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T23:29:46.144570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T23:31:04.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24120",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2022-01-28T00:00:00.000Z",
"dateUpdated": "2025-04-11T23:31:04.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24116 (GCVE-0-2022-24116)
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-12 00:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-12T00:01:08.835514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325 Missing Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-12T00:02:24.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24116",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2022-01-28T00:00:00.000Z",
"dateUpdated": "2025-04-12T00:02:24.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24117 (GCVE-0-2022-24117)
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-11 23:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T23:56:32.550974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T23:58:41.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24117",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2022-01-28T00:00:00.000Z",
"dateUpdated": "2025-04-11T23:58:41.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-12-26 05:15
Modified
2025-04-12 00:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | inet_900_firmware | * | |
| ge | inet_900 | - | |
| ge | inet_ii_900_firmware | * | |
| ge | inet_ii_900 | - | |
| ge | sd1_firmware | * | |
| ge | sd1 | - | |
| ge | sd2_firmware | * | |
| ge | sd2 | - | |
| ge | sd4_firmware | * | |
| ge | sd4 | - | |
| ge | sd9_firmware | * | |
| ge | sd9 | - | |
| ge | td220max_firmware | * | |
| ge | td220max | - | |
| ge | td220x_firmware | * | |
| ge | td220x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73",
"versionEndIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89",
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
},
{
"lang": "es",
"value": "Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificaci\u00f3n de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6."
}
],
"id": "CVE-2022-24117",
"lastModified": "2025-04-12T00:15:14.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-26T05:15:10.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-26 05:15
Modified
2025-04-12 01:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | inet_900_firmware | * | |
| ge | inet_900 | - | |
| ge | inet_ii_900_firmware | * | |
| ge | inet_ii_900 | - | |
| ge | sd1_firmware | * | |
| ge | sd1 | - | |
| ge | sd2_firmware | * | |
| ge | sd2 | - | |
| ge | sd4_firmware | * | |
| ge | sd4 | - | |
| ge | sd9_firmware | * | |
| ge | sd9 | - | |
| ge | td220max_firmware | * | |
| ge | td220max | - | |
| ge | td220x_firmware | * | |
| ge | td220x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73",
"versionEndIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89",
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0."
},
{
"lang": "es",
"value": "Ciertos productos de General Electric Renewable Energy tienen una potencia de cifrado inadecuada. Esto afecta a iNET e iNET II anteriores a 8.3.0."
}
],
"id": "CVE-2022-24116",
"lastModified": "2025-04-12T01:15:14.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-26T05:15:10.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-26 05:15
Modified
2025-04-12 00:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | inet_900_firmware | * | |
| ge | inet_900 | - | |
| ge | inet_ii_900_firmware | * | |
| ge | inet_ii_900 | - | |
| ge | sd1_firmware | * | |
| ge | sd1 | - | |
| ge | sd2_firmware | * | |
| ge | sd2 | - | |
| ge | sd4_firmware | * | |
| ge | sd4 | - | |
| ge | sd9_firmware | * | |
| ge | sd9 | - | |
| ge | td220max_firmware | * | |
| ge | td220max | - | |
| ge | td220x_firmware | * | |
| ge | td220x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73",
"versionEndIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89",
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
},
{
"lang": "es",
"value": "Ciertos productos de General Electric Renewable Energy permiten a los atacantes utilizar un c\u00f3digo para activar un reinicio en la configuraci\u00f3n predeterminada de f\u00e1brica. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6."
}
],
"id": "CVE-2022-24118",
"lastModified": "2025-04-12T00:15:16.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-26T05:15:11.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-26 05:15
Modified
2025-04-12 00:15
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | inet_900_firmware | * | |
| ge | inet_900 | - | |
| ge | inet_ii_900_firmware | * | |
| ge | inet_ii_900 | - | |
| ge | sd1_firmware | * | |
| ge | sd1 | - | |
| ge | sd2_firmware | * | |
| ge | sd2 | - | |
| ge | sd4_firmware | * | |
| ge | sd4 | - | |
| ge | sd9_firmware | * | |
| ge | sd9 | - | |
| ge | td220max_firmware | * | |
| ge | td220max | - | |
| ge | td220x_firmware | * | |
| ge | td220x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73",
"versionEndIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89",
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0."
},
{
"lang": "es",
"value": "Ciertos productos de General Electric Renewable Energy almacenan credenciales de texto plano en la memoria flash. Esto afecta a iNET e iNET II anteriores a 8.3.0."
}
],
"id": "CVE-2022-24120",
"lastModified": "2025-04-12T00:15:16.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-26T05:15:11.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-26 05:15
Modified
2025-04-12 00:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | inet_900_firmware | * | |
| ge | inet_900 | - | |
| ge | inet_ii_900_firmware | * | |
| ge | inet_ii_900 | - | |
| ge | sd1_firmware | * | |
| ge | sd1 | - | |
| ge | sd2_firmware | * | |
| ge | sd2 | - | |
| ge | sd4_firmware | * | |
| ge | sd4 | - | |
| ge | sd9_firmware | * | |
| ge | sd9 | - | |
| ge | td220max_firmware | * | |
| ge | td220max | - | |
| ge | td220x_firmware | * | |
| ge | td220x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73",
"versionEndIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89",
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0."
},
{
"lang": "es",
"value": "Ciertos productos de General Electric Renewable Energy tienen una funci\u00f3n oculta para el acceso remoto no autenticado al shell de configuraci\u00f3n del dispositivo. Esto afecta a iNET e iNET II anteriores a 8.3.0."
}
],
"id": "CVE-2022-24119",
"lastModified": "2025-04-12T00:15:16.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-26T05:15:11.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}