CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43494
https://notcve.org/view.php?id=CVE-2022-43494
17 Jan 2023 — An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46660
https://notcve.org/view.php?id=CVE-2022-46660
17 Jan 2023 — An unauthorized user could alter or write files with full control over the path and content of the file. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46732 – CVE-2022-46732
https://notcve.org/view.php?id=CVE-2022-46732
17 Jan 2023 — Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43976
https://notcve.org/view.php?id=CVE-2022-43976
17 Jan 2023 — An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43975
https://notcve.org/view.php?id=CVE-2022-43975
17 Jan 2023 — An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43977
https://notcve.org/view.php?id=CVE-2022-43977
17 Jan 2023 — An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24117
https://notcve.org/view.php?id=CVE-2022-24117
26 Dec 2022 — Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6. Ciertos productos de General Electric Renewable Energy descargan firmware sin una verificación de integridad. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores a 2.0.16 y TD220MAX anteriores a 1.2.6. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-494: Download of Code Without Integrity Check •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24116
https://notcve.org/view.php?id=CVE-2022-24116
26 Dec 2022 — Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. Ciertos productos de General Electric Renewable Energy tienen una potencia de cifrado inadecuada. Esto afecta a iNET e iNET II anteriores a 8.3.0. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-326: Inadequate Encryption Strength •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24119
https://notcve.org/view.php?id=CVE-2022-24119
26 Dec 2022 — Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. Ciertos productos de General Electric Renewable Energy tienen una función oculta para el acceso remoto no autenticado al shell de configuración del dispositivo. Esto afecta a iNET e iNET II anteriores a 8.3.0. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.4EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24118
https://notcve.org/view.php?id=CVE-2022-24118
26 Dec 2022 — Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6. Ciertos productos de General Electric Renewable Energy permiten a los atacantes utilizar un código para activar un reinicio en la configuración predeterminada de fábrica. Esto afecta a iNET e iNET II anteriores a 8.3.0, SD anteriores a 6.4.7, TD220X anteriores ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-400: Uncontrolled Resource Consumption •