Vulnerabilities > GE > SD2 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-26 CVE-2022-24119 Inclusion of Functionality from Untrusted Control Sphere vulnerability in GE products
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell.
network
low complexity
ge CWE-829
critical
9.8
2022-12-26 CVE-2022-24118 Resource Exhaustion vulnerability in GE products
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration.
network
low complexity
ge CWE-400
critical
9.1
2022-12-26 CVE-2022-24117 Download of Code Without Integrity Check vulnerability in GE products
Certain General Electric Renewable Energy products download firmware without an integrity check.
network
low complexity
ge CWE-494
critical
9.8
2022-12-26 CVE-2022-24116 Inadequate Encryption Strength vulnerability in GE products
Certain General Electric Renewable Energy products have inadequate encryption strength.
network
low complexity
ge CWE-326
critical
9.8