CVE-2022-24117

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-12-26 05:15

Updated : 2023-01-05 20:44

NVD link : CVE-2022-24117

Mitre link : CVE-2022-24117

CVE.ORG link : CVE-2022-24117

JSON object : View

Products Affected

ge

inet_ii_900
td220max
inet_ii_900_firmware
sd4_firmware
sd1_firmware
td220max_firmware
td220x_firmware
inet_900
sd4
sd2
sd9_firmware
inet_900_firmware
sd2_firmware
sd1
sd9
td220x

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2022-24117", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-12-26T05:15:10.997", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."}, {"lang": "es", "value": "Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificaci\u00f3n de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6."}], "lastModified": "2023-01-05T20:44:03.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D", "versionEndExcluding": "8.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8", "versionEndExcluding": "8.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73", "versionEndIncluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F", "versionEndExcluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783", "versionEndExcluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30", "versionEndExcluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1", "versionEndExcluding": "1.2.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89", "versionEndExcluding": "2.0.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}