Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24119

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.

Published

2022-12-26T05:15:11.147

Last Modified

2025-04-12T00:15:16.180

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-829
Type: Secondary
CWE-829

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ge	inet_900_firmware	< 8.3.0	Yes
Hardware	ge	inet_900	-	No
Operating System	ge	inet_ii_900_firmware	< 8.3.0	Yes
Hardware	ge	inet_ii_900	-	No
Operating System	ge	sd1_firmware	≤ 6.4.7	Yes
Hardware	ge	sd1	-	No
Operating System	ge	sd2_firmware	< 6.4.7	Yes
Hardware	ge	sd2	-	No
Operating System	ge	sd4_firmware	< 6.4.7	Yes
Hardware	ge	sd4	-	No
Operating System	ge	sd9_firmware	< 6.4.7	Yes
Hardware	ge	sd9	-	No
Operating System	ge	td220max_firmware	< 1.2.6	Yes
Hardware	ge	td220max	-	No
Operating System	ge	td220x_firmware	< 2.0.16	Yes
Hardware	ge	td220x	-	No

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 Patch, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)