Vulnerabilities > CVE-2022-24119 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in GE products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

CWE-829

critical

NVD

Published: 2022-12-26

Updated: 2023-01-05

Summary

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.

Vulnerable Configurations

Part	Description	Count
OS	Ge GE Inet 900 Firmware - GE Inet II 900 Firmware - GE SD1 Firmware - GE SD1 Firmware 6.4.7 GE SD2 Firmware - GE SD4 Firmware - GE SD9 Firmware - GE Td220Max Firmware - GE Td220X Firmware -	9
Hardware	Ge GE Inet 900 - GE Inet II 900 - GE SD1 - GE SD2 - GE SD4 - GE SD9 - GE Td220Max - GE Td220X -	8

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06