CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24117
https://notcve.org/view.php?id=CVE-2022-24117
26 Dec 2022 — Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6. Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificación de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-494: Download of Code Without Integrity Check •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24116
https://notcve.org/view.php?id=CVE-2022-24116
26 Dec 2022 — Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. Ciertos productos de General Electric Renewable Energy tienen una potencia de cifrado inadecuada. Esto afecta a iNET e iNET II anteriores a 8.3.0. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-326: Inadequate Encryption Strength •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24119
https://notcve.org/view.php?id=CVE-2022-24119
26 Dec 2022 — Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. Ciertos productos de General Electric Renewable Energy tienen una función oculta para el acceso remoto no autenticado al shell de configuración del dispositivo. Esto afecta a iNET e iNET II anteriores a 8.3.0. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.4EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24118
https://notcve.org/view.php?id=CVE-2022-24118
26 Dec 2022 — Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6. Ciertos productos de General Electric Renewable Energy permiten a los atacantes utilizar un código para activar un reinicio en la configuración predeterminada de fábrica. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24120
https://notcve.org/view.php?id=CVE-2022-24120
26 Dec 2022 — Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. Ciertos productos de General Electric Renewable Energy almacenan credenciales de texto plano en la memoria flash. Esto afecta a iNET e iNET II anteriores a 8.3.0. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-312: Cleartext Storage of Sensitive Information •