CVE-2022-24117

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06	Patch Third Party Advisory US Government Resource

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*

Information

Published : 2022-12-25 21:15

Updated : 2023-01-05 12:44

NVD link : CVE-2022-24117

Mitre link : CVE-2022-24117

JSON object : View

CWE

CWE-494

Download of Code Without Integrity Check

Advertisement

Products Affected

ge

inet_900_firmware
sd9_firmware
sd1
td220max_firmware
inet_900
td220max
td220x
td220x_firmware
sd2_firmware
sd4_firmware
inet_ii_900
inet_ii_900_firmware
sd2
sd4
sd9
sd1_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-494"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-24117", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-12-26T05:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.3.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.3.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.4.7"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.4.7"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.4.7"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.4.7"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.2.6"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.16"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-05T20:44Z"}