CVE-2022-24116

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24116
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
History

05 Jan 2023, 20:47

Type Values Removed Values Added
CWE CWE-326
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
First Time Ge sd1 Firmware
Ge sd2 Firmware
Ge td220x Firmware
Ge
Ge td220max
Ge inet 900 Firmware
Ge td220max Firmware
Ge sd4 Firmware
Ge inet 900
Ge inet Ii 900 Firmware
Ge inet Ii 900
Ge sd4
Ge sd1
Ge sd9
Ge td220x
Ge sd9 Firmware
Ge sd2
CPE cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*

26 Dec 2022, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-26 05:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-24116

Mitre link : CVE-2022-24116

CVE.ORG link : CVE-2022-24116

JSON object : View

Products Affected

ge

  • inet_ii_900_firmware
  • sd1
  • sd2_firmware
  • sd4_firmware
  • sd2
  • sd4
  • td220max_firmware
  • inet_ii_900
  • td220x
  • inet_900_firmware
  • sd9
  • sd9_firmware
  • td220max
  • td220x_firmware
  • inet_900
  • sd1_firmware
CWE
CWE-326

Inadequate Encryption Strength