Vulnerability in Ge Inet_900

CVE-2022-24117

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

EPSS: 0.004 (27.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

  • cve@mitre.org (US Government Resource, Patch, Third Party Advisory)

Frequently asked questions

What is CVE-2022-24117?
CVE-2022-24117 is a critical-severity vulnerability in Ge Inet_900, classified under Download of Code Without Integrity Check. CVSS score: 9.8/10. Published 2022-12-26.
How severe is CVE-2022-24117?
Critical severity. CVSS v3 base score is 9.8 out of 10.