Vulnerability Description
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Inet 900 Firmware | < 8.3.0 |
| Ge | Inet 900 | - |
| Ge | Inet Ii 900 Firmware | < 8.3.0 |
| Ge | Inet Ii 900 | - |
| Ge | Sd1 Firmware | <= 6.4.7 |
| Ge | Sd1 | - |
| Ge | Sd2 Firmware | < 6.4.7 |
| Ge | Sd2 | - |
| Ge | Sd4 Firmware | < 6.4.7 |
| Ge | Sd4 | - |
| Ge | Sd9 Firmware | < 6.4.7 |
| Ge | Sd9 | - |
| Ge | Td220Max Firmware | < 1.2.6 |
| Ge | Td220Max | - |
| Ge | Td220X Firmware | < 2.0.16 |
| Ge | Td220X | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06PatchThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-24117?
CVE-2022-24117 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before ...
How severe is CVE-2022-24117?
CVE-2022-24117 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-24117?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Inet 900 Firmware, Ge Inet 900, Ge Inet Ii 900 Firmware, Ge Inet Ii 900, Ge Sd1 Firmware.