CVE-2022-24118

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24118
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
History

05 Jan 2023, 16:16

Type Values Removed Values Added
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource
First Time Ge sd1 Firmware
Ge sd2 Firmware
Ge td220x Firmware
Ge
Ge td220max
Ge inet 900 Firmware
Ge td220max Firmware
Ge sd4 Firmware
Ge inet 900
Ge inet Ii 900 Firmware
Ge inet Ii 900
Ge sd4
Ge sd1
Ge sd9
Ge td220x
Ge sd9 Firmware
Ge sd2
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1
CWE CWE-400
CPE cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*

26 Dec 2022, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-26 05:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-24118

Mitre link : CVE-2022-24118

CVE.ORG link : CVE-2022-24118

JSON object : View

Products Affected

ge

  • sd1
  • sd2_firmware
  • sd9_firmware
  • inet_ii_900
  • sd4_firmware
  • sd2
  • sd1_firmware
  • sd4
  • td220max
  • td220x
  • td220max_firmware
  • inet_ii_900_firmware
  • td220x_firmware
  • sd9
  • inet_900_firmware
  • inet_900
CWE
CWE-400

Uncontrolled Resource Consumption