CVE-2022-24117

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24117
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
History

05 Jan 2023, 20:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*
CWE CWE-494
First Time Ge sd1 Firmware
Ge sd2 Firmware
Ge td220x Firmware
Ge
Ge td220max
Ge inet 900 Firmware
Ge td220max Firmware
Ge sd4 Firmware
Ge inet 900
Ge inet Ii 900 Firmware
Ge inet Ii 900
Ge sd4
Ge sd1
Ge sd9
Ge td220x
Ge sd9 Firmware
Ge sd2
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource

26 Dec 2022, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-26 05:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-24117

Mitre link : CVE-2022-24117

CVE.ORG link : CVE-2022-24117

JSON object : View

Products Affected

ge

  • sd1
  • sd2_firmware
  • sd9_firmware
  • inet_ii_900
  • sd4_firmware
  • sd2
  • sd1_firmware
  • sd4
  • td220max
  • td220x
  • td220max_firmware
  • inet_ii_900_firmware
  • td220x_firmware
  • sd9
  • inet_900_firmware
  • inet_900
CWE
CWE-494

Download of Code Without Integrity Check