cvelistv5 - cve-2022-24117

CVE-2022-24117 (GCVE-0-2022-24117)

Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-11 23:58

Summary

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:59:23.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-24117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T23:56:32.550974Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-494",
                "description": "CWE-494 Download of Code Without Integrity Check",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T23:58:41.486Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-26T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24117",
    "datePublished": "2022-12-26T00:00:00.000Z",
    "dateReserved": "2022-01-28T00:00:00.000Z",
    "dateUpdated": "2025-04-11T23:58:41.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.3.0\", \"matchCriteriaId\": \"053CB7A9-6C3C-4304-816E-929D9214D85D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7ED1619-0B7A-47FA-A479-D04B11363773\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.3.0\", \"matchCriteriaId\": \"D7C18050-4CC7-43BC-86C9-F60143AE66D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0490A0F3-D9BA-48DD-9C4C-6397459E93C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.4.7\", \"matchCriteriaId\": \"DFB6657B-94C3-428A-8C35-C86C8876AF73\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08EFCE64-2DF8-466D-989E-D8509F9DD314\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4.7\", \"matchCriteriaId\": \"42922AA6-50D7-449A-8C6E-28F0E50BA78F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4E7CB12-ACEC-4499-A743-57CF20829560\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4.7\", \"matchCriteriaId\": \"1BF373FE-4A12-4FC9-A758-00CF0DE29783\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62A537E3-613C-4211-9ED8-A002B1207A66\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4.7\", \"matchCriteriaId\": \"805F40B3-BA5F-4E61-97A0-B22F0D1A0E30\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.6\", \"matchCriteriaId\": \"7D4E50AB-AC03-4A8F-8524-242CAA5C22C1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.16\", \"matchCriteriaId\": \"401DED9A-E36D-4FFA-A4A1-ACD1560B7A89\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"352FB5AB-64AA-48DF-90B8-FF738790139D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.\"}, {\"lang\": \"es\", \"value\": \"Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificaci\\u00f3n de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6.\"}]",
      "id": "CVE-2022-24117",
      "lastModified": "2024-11-21T06:49:50.430",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-12-26T05:15:10.997",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-494\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24117\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-12-26T05:15:10.997\",\"lastModified\":\"2025-04-12T00:15:14.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.\"},{\"lang\":\"es\",\"value\":\"Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificaci\u00f3n de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-494\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-494\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3.0\",\"matchCriteriaId\":\"053CB7A9-6C3C-4304-816E-929D9214D85D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7ED1619-0B7A-47FA-A479-D04B11363773\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3.0\",\"matchCriteriaId\":\"D7C18050-4CC7-43BC-86C9-F60143AE66D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0490A0F3-D9BA-48DD-9C4C-6397459E93C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.4.7\",\"matchCriteriaId\":\"DFB6657B-94C3-428A-8C35-C86C8876AF73\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08EFCE64-2DF8-466D-989E-D8509F9DD314\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.7\",\"matchCriteriaId\":\"42922AA6-50D7-449A-8C6E-28F0E50BA78F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4E7CB12-ACEC-4499-A743-57CF20829560\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.7\",\"matchCriteriaId\":\"1BF373FE-4A12-4FC9-A758-00CF0DE29783\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A537E3-613C-4211-9ED8-A002B1207A66\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.7\",\"matchCriteriaId\":\"805F40B3-BA5F-4E61-97A0-B22F0D1A0E30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.6\",\"matchCriteriaId\":\"7D4E50AB-AC03-4A8F-8524-242CAA5C22C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.16\",\"matchCriteriaId\":\"401DED9A-E36D-4FFA-A4A1-ACD1560B7A89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"352FB5AB-64AA-48DF-90B8-FF738790139D\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:59:23.878Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24117\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-11T23:56:32.550974Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-494\", \"description\": \"CWE-494 Download of Code Without Integrity Check\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-11T23:57:05.294Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-12-26T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-24117\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-11T23:58:41.486Z\", \"dateReserved\": \"2022-01-28T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-12-26T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2022-24117

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-24117

Aliases

CVE-2022-24117

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24117",
    "id": "GSD-2022-24117"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24117"
      ],
      "details": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.",
      "id": "GSD-2022-24117",
      "modified": "2023-12-13T01:19:42.692832Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-24117",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "?",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.4.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0.16",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-24117"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-494"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-05T20:44Z",
      "publishedDate": "2022-12-26T05:15Z"
    }
  }
}

GHSA-99G2-72RH-XFMR

Vulnerability from github – Published: 2022-12-26 06:30 – Updated: 2023-01-05 21:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-24117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-26T05:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.",
  "id": "GHSA-99g2-72rh-xfmr",
  "modified": "2023-01-05T21:30:16Z",
  "published": "2022-12-26T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24117"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-24117

Vulnerability from fkie_nvd - Published: 2022-12-26 05:15 - Updated: 2025-04-12 00:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cve@mitre.org	https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06	Patch, Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06	Patch, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
ge	inet_900_firmware	*
ge	inet_900	-
ge	inet_ii_900_firmware	*
ge	inet_ii_900	-
ge	sd1_firmware	*
ge	sd1	-
ge	sd2_firmware	*
ge	sd2	-
ge	sd4_firmware	*
ge	sd4	-
ge	sd9_firmware	*
ge	sd9	-
ge	td220max_firmware	*
ge	td220max	-
ge	td220x_firmware	*
ge	td220x	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D",
              "versionEndExcluding": "8.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8",
              "versionEndExcluding": "8.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73",
              "versionEndIncluding": "6.4.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F",
              "versionEndExcluding": "6.4.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783",
              "versionEndExcluding": "6.4.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30",
              "versionEndExcluding": "6.4.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1",
              "versionEndExcluding": "1.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89",
              "versionEndExcluding": "2.0.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6."
    },
    {
      "lang": "es",
      "value": "Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificaci\u00f3n de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6."
    }
  ],
  "id": "CVE-2022-24117",
  "lastModified": "2025-04-12T00:15:14.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-26T05:15:10.997",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-494"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-494"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

ICSA-22-090-06

Vulnerability from csaf_cisa - Published: 2022-03-31 00:00 - Updated: 2022-03-31 00:00

Summary

General Electric Renewable Energy MDS Radios

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to control the configuration of the radio, join the network without proper authorization, or keep valid users from using the system correctly.

Critical infrastructure sectors

Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

United State

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerabilities. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Reid Wightman"
        ],
        "organization": "Dragos",
        "summary": "reporting these vulnerabilities to GE"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to control the configuration of the radio, join the network without proper authorization, or keep valid users from using the system correctly.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United State",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-090-06 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-090-06.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-090-06 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-090-06"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "General Electric Renewable Energy MDS Radios",
    "tracking": {
      "current_release_date": "2022-03-31T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-22-090-06",
      "initial_release_date": "2022-03-31T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-03-31T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-22-090-06 GE Renewable Energy MDS Radios"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c  rev. 8.3.0",
                "product": {
                  "name": "iNET/iNET II series radio: firmware versions prior to rev. 8.3.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "iNET/iNET II series radio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c  rev. 6.4.7",
                "product": {
                  "name": "SD series radio: firmware versions prior to rev. 6.4.7",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SD series radio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c  rev. 1.2.6",
                "product": {
                  "name": "TD220MAX series radio: firmware versions prior to rev. 1.2.6",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "TD220MAX series radio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c  rev. 2.0.16",
                "product": {
                  "name": "TD220X series radio: firmware versions prior to rev. 2.0.16",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "TD220X series radio"
          }
        ],
        "category": "vendor",
        "name": "General Electric (GE)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-17562",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This previously disclosed vulnerability in the GoAhead Webserver may allow remote code execution in iNET/iNET II, TD220X, and TD220MAX series radios.CVE-2017-17562 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17562"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "iNET/iNET II series radio firmware rev.8.3.0",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "SD series radio firmware rev. 6.4.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "TD220X series radio firmware rev. 2.0.16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "TD220MAX series radio firmware rev. 1.2.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/communications/wireless.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-24119",
      "cwe": {
        "id": "CWE-912",
        "name": "Hidden Functionality"
      },
      "notes": [
        {
          "category": "summary",
          "text": "iNET/iNET II series radios allow unauthenticated local and network access to the device configuration shell.CVE-2022-24119 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24119"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "iNET/iNET II series radio firmware rev.8.3.0",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "SD series radio firmware rev. 6.4.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "TD220X series radio firmware rev. 2.0.16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "TD220MAX series radio firmware rev. 1.2.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/communications/wireless.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-24116",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability identifies a weakness in the wireless security software and chipset implementations in iNET/iNET II series radios.CVE-2022-24116 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24116"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "iNET/iNET II series radio firmware rev.8.3.0",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "SD series radio firmware rev. 6.4.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "TD220X series radio firmware rev. 2.0.16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "TD220MAX series radio firmware rev. 1.2.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/communications/wireless.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-24118",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A feature can allow the use of an authentication code to cause iNET/iNET II, SD, TD220X, and TD220MAX series radios to reset back to the factory default configuration and reboot.CVE-2022-24118 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24118"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "iNET/iNET II series radio firmware rev.8.3.0",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "SD series radio firmware rev. 6.4.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "TD220X series radio firmware rev. 2.0.16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "TD220MAX series radio firmware rev. 1.2.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/communications/wireless.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-24120",
      "cwe": {
        "id": "CWE-256",
        "name": "Plaintext Storage of a Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "iNET and iNET II series radios store credentials in plaintext on the system flash memory.CVE-2022-24120 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24120"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "iNET/iNET II series radio firmware rev.8.3.0",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "SD series radio firmware rev. 6.4.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "TD220X series radio firmware rev. 2.0.16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "TD220MAX series radio firmware rev. 1.2.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/communications/wireless.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-24117",
      "cwe": {
        "id": "CWE-494",
        "name": "Download of Code Without Integrity Check"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is no cryptographic signature to verify authenticity of firmware.CVE-2022-24117 has been assigned to this vulnerability. A CVSS v3 base score of 8.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24117"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "iNET/iNET II series radio firmware rev.8.3.0",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "SD series radio firmware rev. 6.4.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
        },
        {
          "category": "vendor_fix",
          "details": "TD220X series radio firmware rev. 2.0.16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "TD220MAX series radio firmware rev. 1.2.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
        },
        {
          "category": "mitigation",
          "details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.gegridsolutions.com/communications/wireless.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24117 (GCVE-0-2022-24117)

GSD-2022-24117

GHSA-99G2-72RH-XFMR

FKIE_CVE-2022-24117

ICSA-22-090-06

Tags

Sightings

Nomenclature