CVE-2022-24120
Severity Score
4.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
Ciertos productos de General Electric Renewable Energy almacenan credenciales de texto plano en la memoria flash. Esto afecta a iNET e iNET II anteriores a 8.3.0.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-28 CVE Reserved
- 2022-12-26 CVE Published
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | 2023-01-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ge Search vendor "Ge" | Inet 900 Firmware Search vendor "Ge" for product "Inet 900 Firmware" | < 8.3.0 Search vendor "Ge" for product "Inet 900 Firmware" and version " < 8.3.0" | - |
Affected
| in | Ge Search vendor "Ge" | Inet 900 Search vendor "Ge" for product "Inet 900" | - | - |
Safe
|
| Ge Search vendor "Ge" | Inet Ii 900 Firmware Search vendor "Ge" for product "Inet Ii 900 Firmware" | < 8.3.0 Search vendor "Ge" for product "Inet Ii 900 Firmware" and version " < 8.3.0" | - |
Affected
| in | Ge Search vendor "Ge" | Inet Ii 900 Search vendor "Ge" for product "Inet Ii 900" | - | - |
Safe
|
| Ge Search vendor "Ge" | Sd1 Firmware Search vendor "Ge" for product "Sd1 Firmware" | <= 6.4.7 Search vendor "Ge" for product "Sd1 Firmware" and version " <= 6.4.7" | - |
Affected
| in | Ge Search vendor "Ge" | Sd1 Search vendor "Ge" for product "Sd1" | - | - |
Safe
|
| Ge Search vendor "Ge" | Sd2 Firmware Search vendor "Ge" for product "Sd2 Firmware" | < 6.4.7 Search vendor "Ge" for product "Sd2 Firmware" and version " < 6.4.7" | - |
Affected
| in | Ge Search vendor "Ge" | Sd2 Search vendor "Ge" for product "Sd2" | - | - |
Safe
|
| Ge Search vendor "Ge" | Sd4 Firmware Search vendor "Ge" for product "Sd4 Firmware" | < 6.4.7 Search vendor "Ge" for product "Sd4 Firmware" and version " < 6.4.7" | - |
Affected
| in | Ge Search vendor "Ge" | Sd4 Search vendor "Ge" for product "Sd4" | - | - |
Safe
|
| Ge Search vendor "Ge" | Sd9 Firmware Search vendor "Ge" for product "Sd9 Firmware" | < 6.4.7 Search vendor "Ge" for product "Sd9 Firmware" and version " < 6.4.7" | - |
Affected
| in | Ge Search vendor "Ge" | Sd9 Search vendor "Ge" for product "Sd9" | - | - |
Safe
|
| Ge Search vendor "Ge" | Td220max Firmware Search vendor "Ge" for product "Td220max Firmware" | < 1.2.6 Search vendor "Ge" for product "Td220max Firmware" and version " < 1.2.6" | - |
Affected
| in | Ge Search vendor "Ge" | Td220max Search vendor "Ge" for product "Td220max" | - | - |
Safe
|
| Ge Search vendor "Ge" | Td220x Firmware Search vendor "Ge" for product "Td220x Firmware" | < 2.0.16 Search vendor "Ge" for product "Td220x Firmware" and version " < 2.0.16" | - |
Affected
| in | Ge Search vendor "Ge" | Td220x Search vendor "Ge" for product "Td220x" | - | - |
Safe
|