Vulnerability in Ge Inet_900
CVE-2022-24117
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
EPSS: 0.004 (27.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
- cve@mitre.org (US Government Resource, Patch, Third Party Advisory)
Frequently asked questions
- What is CVE-2022-24117?
- CVE-2022-24117 is a critical-severity vulnerability in Ge Inet_900, classified under Download of Code Without Integrity Check. CVSS score: 9.8/10. Published 2022-12-26.
- How severe is CVE-2022-24117?
- Critical severity. CVSS v3 base score is 9.8 out of 10.