CRITICAL🇵🇱 Wersja polska

CVE-2022-24117

CVSS 9.8v3.1pub. 2022-12-26upd. 2025-04-12

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ge Inet 900

    HW
    Ge
    wszystkie wersje
  • Ge Inet 900 Firmware

    OS
    Ge
    < 8.3.0
  • Ge Inet Ii 900

    HW
    Ge
    wszystkie wersje
  • Ge Inet Ii 900 Firmware

    OS
    Ge
    < 8.3.0
  • Ge Sd1

    HW
    Ge
    wszystkie wersje
  • Ge Sd1 Firmware

    OS
    Ge
    ≤ 6.4.7
  • Ge Sd2

    HW
    Ge
    wszystkie wersje
  • Ge Sd2 Firmware

    OS
    Ge
    < 6.4.7
  • Ge Sd4

    HW
    Ge
    wszystkie wersje
  • Ge Sd4 Firmware

    OS
    Ge
    < 6.4.7
  • Ge Sd9

    HW
    Ge
    wszystkie wersje
  • Ge Sd9 Firmware

    OS
    Ge
    < 6.4.7
  • Ge Td220max

    HW
    Ge
    wszystkie wersje
  • Ge Td220max Firmware

    OS
    Ge
    < 1.2.6
  • Ge Td220x

    HW
    Ge
    wszystkie wersje
  • Ge Td220x Firmware

    OS
    Ge
    < 2.0.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-24116CRITICAL9.8ten sam produkt

Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and ...

CVE-2022-24118CRITICAL9.1ten sam produkt

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the ...

CVE-2022-24119CRITICAL9.8ten sam produkt

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to ...

CVE-2022-24120MEDIUM4.6ten sam produkt

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects i...

CVE-2023-5908CRITICAL9.1PL ✓ten sam vendor

Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych