CVE-2022-24119

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*

History

05 Jan 2023, 16:08

Type	Values Removed	Values Added
CPE		cpe:2.3:o:ge:sd9_firmware:::::::: cpe:2.3:o:ge:td220x_firmware:::::::: cpe:2.3:h:ge:td220max:-:::::::* cpe:2.3:h:ge:sd1:-:::::::* cpe:2.3:h:ge:sd9:-:::::::* cpe:2.3:o:ge:sd1_firmware:::::::: cpe:2.3:o:ge:sd2_firmware:::::::: cpe:2.3:h:ge:inet_ii_900:-:::::::* cpe:2.3:o:ge:td220max_firmware:::::::: cpe:2.3:h:ge:td220x:-:::::::* cpe:2.3:o:ge:sd4_firmware:::::::: cpe:2.3:o:ge:inet_900_firmware:::::::: cpe:2.3:h:ge:sd4:-:::::::* cpe:2.3:h:ge:inet_900:-:::::::* cpe:2.3:h:ge:sd2:-:::::::* cpe:2.3:o:ge:inet_ii_900_firmware::::::::
First Time		Ge sd1 Firmware Ge sd2 Firmware Ge td220x Firmware Ge Ge td220max Ge inet 900 Firmware Ge td220max Firmware Ge sd4 Firmware Ge inet 900 Ge inet Ii 900 Firmware Ge inet Ii 900 Ge sd4 Ge sd1 Ge sd9 Ge td220x Ge sd9 Firmware Ge sd2
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-829

26 Dec 2022, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-26 05:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-24119

Mitre link : CVE-2022-24119

CVE.ORG link : CVE-2022-24119

JSON object : View

Products Affected

sd1
sd2_firmware
sd9_firmware
inet_ii_900
sd4_firmware
sd2
sd1_firmware
sd4
td220max
td220x
td220max_firmware
inet_ii_900_firmware
td220x_firmware
sd9
inet_900_firmware
inet_900

CWE

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

9.8 /10