Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
05 Jan 2023, 16:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:* cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:* cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:* cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:* cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:* cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:* cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Ge sd1 Firmware
Ge sd2 Firmware Ge td220x Firmware Ge Ge td220max Ge inet 900 Firmware Ge td220max Firmware Ge sd4 Firmware Ge inet 900 Ge inet Ii 900 Firmware Ge inet Ii 900 Ge sd4 Ge sd1 Ge sd9 Ge td220x Ge sd9 Firmware Ge sd2 |
|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-829 |
26 Dec 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-26 05:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-24119
Mitre link : CVE-2022-24119
CVE.ORG link : CVE-2022-24119
JSON object : View
Products Affected
ge
- sd1
- sd2_firmware
- sd9_firmware
- inet_ii_900
- sd4_firmware
- sd2
- sd1_firmware
- sd4
- td220max
- td220x
- td220max_firmware
- inet_ii_900_firmware
- td220x_firmware
- sd9
- inet_900_firmware
- inet_900
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere