CVE-2022-24117

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06	Patch Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 - Patch, Third Party Advisory, US Government Resource

Information

Published : 2022-12-26 05:15

Updated : 2024-11-21 06:49

NVD link : CVE-2022-24117

Mitre link : CVE-2022-24117

CVE.ORG link : CVE-2022-24117

JSON object : View

Products Affected

ge

td220x_firmware
sd2
sd4
sd2_firmware
td220x
sd4_firmware
sd9
inet_900_firmware
sd1_firmware
td220max_firmware
td220max
inet_900
inet_ii_900_firmware
sd9_firmware
sd1
inet_ii_900

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2022-24117", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-12-26T05:15:10.997", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."}, {"lang": "es", "value": "Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificaci\u00f3n de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6."}], "lastModified": "2024-11-21T06:49:50.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D", "versionEndExcluding": "8.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8", "versionEndExcluding": "8.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73", "versionEndIncluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F", "versionEndExcluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783", "versionEndExcluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30", "versionEndExcluding": "6.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1", "versionEndExcluding": "1.2.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89", "versionEndExcluding": "2.0.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}