Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
05 Jan 2023, 20:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:* cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:* cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:* cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:* cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:* cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-494 | |
First Time |
Ge sd1 Firmware
Ge sd2 Firmware Ge td220x Firmware Ge Ge td220max Ge inet 900 Firmware Ge td220max Firmware Ge sd4 Firmware Ge inet 900 Ge inet Ii 900 Firmware Ge inet Ii 900 Ge sd4 Ge sd1 Ge sd9 Ge td220x Ge sd9 Firmware Ge sd2 |
|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource |
26 Dec 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-26 05:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-24117
Mitre link : CVE-2022-24117
CVE.ORG link : CVE-2022-24117
JSON object : View
Products Affected
ge
- sd1
- sd2_firmware
- sd9_firmware
- inet_ii_900
- sd4_firmware
- sd2
- sd1_firmware
- sd4
- td220max
- td220x
- td220max_firmware
- inet_ii_900_firmware
- td220x_firmware
- sd9
- inet_900_firmware
- inet_900
CWE
CWE-494
Download of Code Without Integrity Check