CVE-2022-24117

EPSS 0.08%
Published 26.12.2022 05:15:10
Last modified 12.04.2025 00:15:14
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ge ≫ Inet 900 Firmware Version < 8.3.0

Ge ≫ Inet 900 Version-

Ge ≫ Inet Ii 900 Firmware Version < 8.3.0

Ge ≫ Inet Ii 900 Version-

Ge ≫ Sd1 Firmware Version <= 6.4.7

Ge ≫ Sd1 Version-

Ge ≫ Sd2 Firmware Version < 6.4.7

Ge ≫ Sd2 Version-

Ge ≫ Sd4 Firmware Version < 6.4.7

Ge ≫ Sd4 Version-

Ge ≫ Sd9 Firmware Version < 6.4.7

Ge ≫ Sd9 Version-

Ge ≫ Td220max Firmware Version < 1.2.6

Ge ≫ Td220max Version-

Ge ≫ Td220x Firmware Version < 2.0.16

Ge ≫ Td220x Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.247

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06

Patch

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-24117

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24117

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24117

EUVD