Vulnerability Details : CVE-2022-24119
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
Vulnerability category: File inclusion
Products affected by CVE-2022-24119
- cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24119
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24119
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-24119
-
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-24119
-
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
General Electric Renewable Energy MDS Radios | CISAPatch;Third Party Advisory;US Government Resource
Jump to