CVE-2022-24120

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24120
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
History

05 Jan 2023, 15:59

Type Values Removed Values Added
CWE CWE-312
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.6
First Time Ge sd1 Firmware
Ge sd2 Firmware
Ge td220x Firmware
Ge
Ge td220max
Ge inet 900 Firmware
Ge td220max Firmware
Ge sd4 Firmware
Ge inet 900
Ge inet Ii 900 Firmware
Ge inet Ii 900
Ge sd4
Ge sd1
Ge sd9
Ge td220x
Ge sd9 Firmware
Ge sd2
CPE cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*
cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*

26 Dec 2022, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-26 05:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-24120

Mitre link : CVE-2022-24120

CVE.ORG link : CVE-2022-24120

JSON object : View

Products Affected

ge

  • sd1
  • sd2_firmware
  • sd9_firmware
  • inet_ii_900
  • sd4_firmware
  • sd2
  • sd1_firmware
  • sd4
  • td220max
  • td220x
  • td220max_firmware
  • inet_ii_900_firmware
  • td220x_firmware
  • sd9
  • inet_900_firmware
  • inet_900
CWE
CWE-312

Cleartext Storage of Sensitive Information