9.8
CVE-2022-24116
- EPSS 0.29%
- Veröffentlicht 26.12.2022 05:15:10
- Zuletzt bearbeitet 12.04.2025 01:15:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ge ≫ Inet 900 Firmware Version < 8.3.0
Ge ≫ Inet Ii 900 Firmware Version < 8.3.0
Ge ≫ Sd1 Firmware Version <= 6.4.7
Ge ≫ Sd2 Firmware Version < 6.4.7
Ge ≫ Sd4 Firmware Version < 6.4.7
Ge ≫ Sd9 Firmware Version < 6.4.7
Ge ≫ Td220max Firmware Version < 1.2.6
Ge ≫ Td220x Firmware Version < 2.0.16
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.206 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-325 Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06