Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
05 Jan 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource | |
First Time |
Ge sd1 Firmware
Ge sd2 Firmware Ge td220x Firmware Ge Ge td220max Ge inet 900 Firmware Ge td220max Firmware Ge sd4 Firmware Ge inet 900 Ge inet Ii 900 Firmware Ge inet Ii 900 Ge sd4 Ge sd1 Ge sd9 Ge td220x Ge sd9 Firmware Ge sd2 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CWE | CWE-400 | |
CPE | cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:* cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:* cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:* cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:* cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:* cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:* |
26 Dec 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-26 05:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-24118
Mitre link : CVE-2022-24118
CVE.ORG link : CVE-2022-24118
JSON object : View
Products Affected
ge
- sd1
- sd2_firmware
- sd9_firmware
- inet_ii_900
- sd4_firmware
- sd2
- sd1_firmware
- sd4
- td220max
- td220x
- td220max_firmware
- inet_ii_900_firmware
- td220x_firmware
- sd9
- inet_900_firmware
- inet_900
CWE
CWE-400
Uncontrolled Resource Consumption