CVE-2022-24119

moderate-risk
Published 2022-12-26

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.

Do I need to act?

-
0.35% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Inet 900 Firmware
Inet Ii 900 Firmware
Sd1 Firmware
Sd2 Firmware
Sd4 Firmware
Sd9 Firmware
Td220Max Firmware
Td220X Firmware

Affected Vendors

Ge

References (2)

Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate