CVE-2022-24118

moderate-risk
Published 2022-12-26

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Inet 900 Firmware
Inet Ii 900 Firmware
Sd1 Firmware
Sd2 Firmware
Sd4 Firmware
Sd9 Firmware
Td220Max Firmware
Td220X Firmware

Affected Vendors

Ge

References (2)

Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
46
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate