Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
2022-12-26T05:15:10.997
2025-04-12T00:15:14.980
Modified
CVSSv3.1: 9.8 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | ge | inet_900_firmware | < 8.3.0 | Yes |
| Hardware | ge | inet_900 | - | No |
| Operating System | ge | inet_ii_900_firmware | < 8.3.0 | Yes |
| Hardware | ge | inet_ii_900 | - | No |
| Operating System | ge | sd1_firmware | ≤ 6.4.7 | Yes |
| Hardware | ge | sd1 | - | No |
| Operating System | ge | sd2_firmware | < 6.4.7 | Yes |
| Hardware | ge | sd2 | - | No |
| Operating System | ge | sd4_firmware | < 6.4.7 | Yes |
| Hardware | ge | sd4 | - | No |
| Operating System | ge | sd9_firmware | < 6.4.7 | Yes |
| Hardware | ge | sd9 | - | No |
| Operating System | ge | td220max_firmware | < 1.2.6 | Yes |
| Hardware | ge | td220max | - | No |
| Operating System | ge | td220x_firmware | < 2.0.16 | Yes |
| Hardware | ge | td220x | - | No |