Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-24120 (GCVE-0-2022-24120)
Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-11 23:31
VLAI
EPSS
Summary
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
Severity
4.6 (Medium)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T23:29:46.144570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T23:31:04.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24120",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2022-01-28T00:00:00.000Z",
"dateUpdated": "2025-04-11T23:31:04.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-24120",
"date": "2026-05-27",
"epss": "0.00047",
"percentile": "0.14585"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.3.0\", \"matchCriteriaId\": \"053CB7A9-6C3C-4304-816E-929D9214D85D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7ED1619-0B7A-47FA-A479-D04B11363773\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.3.0\", \"matchCriteriaId\": \"D7C18050-4CC7-43BC-86C9-F60143AE66D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0490A0F3-D9BA-48DD-9C4C-6397459E93C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.4.7\", \"matchCriteriaId\": \"DFB6657B-94C3-428A-8C35-C86C8876AF73\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08EFCE64-2DF8-466D-989E-D8509F9DD314\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4.7\", \"matchCriteriaId\": \"42922AA6-50D7-449A-8C6E-28F0E50BA78F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4E7CB12-ACEC-4499-A743-57CF20829560\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4.7\", \"matchCriteriaId\": \"1BF373FE-4A12-4FC9-A758-00CF0DE29783\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62A537E3-613C-4211-9ED8-A002B1207A66\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4.7\", \"matchCriteriaId\": \"805F40B3-BA5F-4E61-97A0-B22F0D1A0E30\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.6\", \"matchCriteriaId\": \"7D4E50AB-AC03-4A8F-8524-242CAA5C22C1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.16\", \"matchCriteriaId\": \"401DED9A-E36D-4FFA-A4A1-ACD1560B7A89\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"352FB5AB-64AA-48DF-90B8-FF738790139D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.\"}, {\"lang\": \"es\", \"value\": \"Ciertos productos de General Electric Renewable Energy almacenan credenciales de texto plano en la memoria flash. Esto afecta a iNET e iNET II anteriores a 8.3.0.\"}]",
"id": "CVE-2022-24120",
"lastModified": "2024-11-21T06:49:50.863",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 3.6}]}",
"published": "2022-12-26T05:15:11.207",
"references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-312\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-24120\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-12-26T05:15:11.207\",\"lastModified\":\"2025-04-12T00:15:16.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.\"},{\"lang\":\"es\",\"value\":\"Ciertos productos de General Electric Renewable Energy almacenan credenciales de texto plano en la memoria flash. Esto afecta a iNET e iNET II anteriores a 8.3.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3.0\",\"matchCriteriaId\":\"053CB7A9-6C3C-4304-816E-929D9214D85D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7ED1619-0B7A-47FA-A479-D04B11363773\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3.0\",\"matchCriteriaId\":\"D7C18050-4CC7-43BC-86C9-F60143AE66D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0490A0F3-D9BA-48DD-9C4C-6397459E93C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.4.7\",\"matchCriteriaId\":\"DFB6657B-94C3-428A-8C35-C86C8876AF73\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08EFCE64-2DF8-466D-989E-D8509F9DD314\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.7\",\"matchCriteriaId\":\"42922AA6-50D7-449A-8C6E-28F0E50BA78F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4E7CB12-ACEC-4499-A743-57CF20829560\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.7\",\"matchCriteriaId\":\"1BF373FE-4A12-4FC9-A758-00CF0DE29783\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A537E3-613C-4211-9ED8-A002B1207A66\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.7\",\"matchCriteriaId\":\"805F40B3-BA5F-4E61-97A0-B22F0D1A0E30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.6\",\"matchCriteriaId\":\"7D4E50AB-AC03-4A8F-8524-242CAA5C22C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.16\",\"matchCriteriaId\":\"401DED9A-E36D-4FFA-A4A1-ACD1560B7A89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"352FB5AB-64AA-48DF-90B8-FF738790139D\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:59:23.734Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.6, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24120\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-11T23:29:46.144570Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-312\", \"description\": \"CWE-312 Cleartext Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-11T23:30:17.168Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-12-26T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-24120\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-11T23:31:04.226Z\", \"dateReserved\": \"2022-01-28T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-12-26T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
BDU:2022-04711
Vulnerability from fstec - Published: 31.03.2022
VLAI
Title
Уязвимость микропрограммного обеспечения промышленного программно-аппаратного оборудования General Electric Renewable Energy iNET и iNET II, связанная с хранением паролей в незашифрованном виде, позволяющая нарушителю просмотреть содержимое файла конфигурации и получить доступ к паролям
Description
Уязвимость микропрограммного обеспечения промышленного программно-аппаратного оборудования General Electric Renewable Energy iNET и iNET II связана с хранением паролей в незашифрованном виде. Эксплуатация уязвимости может позволить нарушителю просмотреть содержимое файла конфигурации и получить доступ к паролям
Severity
Vendor
General Electric Company
Software Name
iNET, iNET II
Software Version
до 8.3.0 (iNET), до 8.3.0 (iNET II)
Possible Mitigations
Данная уязвимость устраняется официальным патчем вендора. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуем устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков
Reference
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
https://safe-surf.ru/upload/VULN/VULN-20220405.13.pdf
CWE
CWE-256
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "General Electric Company",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 8.3.0 (iNET), \u0434\u043e 8.3.0 (iNET II)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u043f\u0430\u0442\u0447\u0435\u043c \u0432\u0435\u043d\u0434\u043e\u0440\u0430. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.03.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.08.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.08.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04711",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-24120",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "iNET, iNET II",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f General Electric Renewable Energy iNET \u0438 iNET II, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0432 \u043d\u0435\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0432\u0438\u0434\u0435, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0444\u0430\u0439\u043b\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0430\u0440\u043e\u043b\u044f\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0425\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043f\u0430\u0440\u043e\u043b\u044f \u0432 \u043d\u0435\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0432\u0438\u0434\u0435 (CWE-256)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f General Electric Renewable Energy iNET \u0438 iNET II \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0432 \u043d\u0435\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0432\u0438\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0444\u0430\u0439\u043b\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0430\u0440\u043e\u043b\u044f\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06\nhttps://safe-surf.ru/upload/VULN/VULN-20220405.13.pdf",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-256",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)"
}
FKIE_CVE-2022-24120
Vulnerability from fkie_nvd - Published: 2022-12-26 05:15 - Updated: 2025-04-12 00:15
Severity
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 | Patch, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | inet_900_firmware | * | |
| ge | inet_900 | - | |
| ge | inet_ii_900_firmware | * | |
| ge | inet_ii_900 | - | |
| ge | sd1_firmware | * | |
| ge | sd1 | - | |
| ge | sd2_firmware | * | |
| ge | sd2 | - | |
| ge | sd4_firmware | * | |
| ge | sd4 | - | |
| ge | sd9_firmware | * | |
| ge | sd9 | - | |
| ge | td220max_firmware | * | |
| ge | td220max | - | |
| ge | td220x_firmware | * | |
| ge | td220x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "053CB7A9-6C3C-4304-816E-929D9214D85D",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ED1619-0B7A-47FA-A479-D04B11363773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C18050-4CC7-43BC-86C9-F60143AE66D8",
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0490A0F3-D9BA-48DD-9C4C-6397459E93C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB6657B-94C3-428A-8C35-C86C8876AF73",
"versionEndIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08EFCE64-2DF8-466D-989E-D8509F9DD314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42922AA6-50D7-449A-8C6E-28F0E50BA78F",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E7CB12-ACEC-4499-A743-57CF20829560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF373FE-4A12-4FC9-A758-00CF0DE29783",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A537E3-613C-4211-9ED8-A002B1207A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805F40B3-BA5F-4E61-97A0-B22F0D1A0E30",
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D3B5FC-2EE5-477A-AA63-7D4E1085B5EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E50AB-AC03-4A8F-8524-242CAA5C22C1",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C8CC4F-FBB9-45F6-ABE6-23DB061646C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "401DED9A-E36D-4FFA-A4A1-ACD1560B7A89",
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352FB5AB-64AA-48DF-90B8-FF738790139D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0."
},
{
"lang": "es",
"value": "Ciertos productos de General Electric Renewable Energy almacenan credenciales de texto plano en la memoria flash. Esto afecta a iNET e iNET II anteriores a 8.3.0."
}
],
"id": "CVE-2022-24120",
"lastModified": "2025-04-12T00:15:16.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-26T05:15:11.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-P3FF-JH52-G57X
Vulnerability from github – Published: 2022-12-26 06:30 – Updated: 2023-01-05 18:30
VLAI
Details
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
Severity
4.6 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-24120"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-26T05:15:00Z",
"severity": "MODERATE"
},
"details": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.",
"id": "GHSA-p3ff-jh52-g57x",
"modified": "2023-01-05T18:30:30Z",
"published": "2022-12-26T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24120"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-24120
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-24120",
"id": "GSD-2022-24120"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-24120"
],
"details": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.",
"id": "GSD-2022-24120",
"modified": "2023-12-13T01:19:42.580065Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:td220x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24120"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-01-05T15:59Z",
"publishedDate": "2022-12-26T05:15Z"
}
}
}
ICSA-22-090-06
Vulnerability from csaf_cisa - Published: 2022-03-31 00:00 - Updated: 2022-03-31 00:00Summary
General Electric Renewable Energy MDS Radios
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to control the configuration of the radio, join the network without proper authorization, or keep valid users from using the system correctly.
Critical infrastructure sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems
Countries/areas deployed: Worldwide
Company headquarters location: United State
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerabilities. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Exploitability: No known public exploits specifically target these vulnerabilities.
10.0 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iNET/iNET II series radio: firmware versions prior to rev. 8.3.0
General Electric (GE) / iNET/iNET II series radio
|
< rev. 8.3.0 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
SD series radio: firmware versions prior to rev. 6.4.7
General Electric (GE) / SD series radio
|
< rev. 6.4.7 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220MAX series radio: firmware versions prior to rev. 1.2.6
General Electric (GE) / TD220MAX series radio
|
< rev. 1.2.6 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220X series radio: firmware versions prior to rev. 2.0.16
General Electric (GE) / TD220X series radio
|
< rev. 2.0.16 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
10.0 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iNET/iNET II series radio: firmware versions prior to rev. 8.3.0
General Electric (GE) / iNET/iNET II series radio
|
< rev. 8.3.0 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
SD series radio: firmware versions prior to rev. 6.4.7
General Electric (GE) / SD series radio
|
< rev. 6.4.7 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220MAX series radio: firmware versions prior to rev. 1.2.6
General Electric (GE) / TD220MAX series radio
|
< rev. 1.2.6 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220X series radio: firmware versions prior to rev. 2.0.16
General Electric (GE) / TD220X series radio
|
< rev. 2.0.16 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
8.0 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iNET/iNET II series radio: firmware versions prior to rev. 8.3.0
General Electric (GE) / iNET/iNET II series radio
|
< rev. 8.3.0 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
SD series radio: firmware versions prior to rev. 6.4.7
General Electric (GE) / SD series radio
|
< rev. 6.4.7 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220MAX series radio: firmware versions prior to rev. 1.2.6
General Electric (GE) / TD220MAX series radio
|
< rev. 1.2.6 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220X series radio: firmware versions prior to rev. 2.0.16
General Electric (GE) / TD220X series radio
|
< rev. 2.0.16 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iNET/iNET II series radio: firmware versions prior to rev. 8.3.0
General Electric (GE) / iNET/iNET II series radio
|
< rev. 8.3.0 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
SD series radio: firmware versions prior to rev. 6.4.7
General Electric (GE) / SD series radio
|
< rev. 6.4.7 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220MAX series radio: firmware versions prior to rev. 1.2.6
General Electric (GE) / TD220MAX series radio
|
< rev. 1.2.6 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220X series radio: firmware versions prior to rev. 2.0.16
General Electric (GE) / TD220X series radio
|
< rev. 2.0.16 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iNET/iNET II series radio: firmware versions prior to rev. 8.3.0
General Electric (GE) / iNET/iNET II series radio
|
< rev. 8.3.0 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
SD series radio: firmware versions prior to rev. 6.4.7
General Electric (GE) / SD series radio
|
< rev. 6.4.7 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220MAX series radio: firmware versions prior to rev. 1.2.6
General Electric (GE) / TD220MAX series radio
|
< rev. 1.2.6 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220X series radio: firmware versions prior to rev. 2.0.16
General Electric (GE) / TD220X series radio
|
< rev. 2.0.16 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
8.4 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iNET/iNET II series radio: firmware versions prior to rev. 8.3.0
General Electric (GE) / iNET/iNET II series radio
|
< rev. 8.3.0 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
SD series radio: firmware versions prior to rev. 6.4.7
General Electric (GE) / SD series radio
|
< rev. 6.4.7 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220MAX series radio: firmware versions prior to rev. 1.2.6
General Electric (GE) / TD220MAX series radio
|
< rev. 1.2.6 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
|
|
TD220X series radio: firmware versions prior to rev. 2.0.16
General Electric (GE) / TD220X series radio
|
< rev. 2.0.16 |
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
fix
Mitigation
fix
|
References
16 references
Acknowledgments
Dragos
Reid Wightman
{
"document": {
"acknowledgments": [
{
"names": [
"Reid Wightman"
],
"organization": "Dragos",
"summary": "reporting these vulnerabilities to GE"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to control the configuration of the radio, join the network without proper authorization, or keep valid users from using the system correctly.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United State",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-090-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-090-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-090-06 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-090-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "General Electric Renewable Energy MDS Radios",
"tracking": {
"current_release_date": "2022-03-31T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-090-06",
"initial_release_date": "2022-03-31T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-03-31T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-090-06 GE Renewable Energy MDS Radios"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c rev. 8.3.0",
"product": {
"name": "iNET/iNET II series radio: firmware versions prior to rev. 8.3.0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "iNET/iNET II series radio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c rev. 6.4.7",
"product": {
"name": "SD series radio: firmware versions prior to rev. 6.4.7",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SD series radio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c rev. 1.2.6",
"product": {
"name": "TD220MAX series radio: firmware versions prior to rev. 1.2.6",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "TD220MAX series radio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c rev. 2.0.16",
"product": {
"name": "TD220X series radio: firmware versions prior to rev. 2.0.16",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "TD220X series radio"
}
],
"category": "vendor",
"name": "General Electric (GE)"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-17562",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "This previously disclosed vulnerability in the GoAhead Webserver may allow remote code execution in iNET/iNET II, TD220X, and TD220MAX series radios.CVE-2017-17562 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17562"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "iNET/iNET II series radio firmware rev.8.3.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
},
{
"category": "mitigation",
"details": "SD series radio firmware rev. 6.4.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
},
{
"category": "vendor_fix",
"details": "TD220X series radio firmware rev. 2.0.16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "TD220MAX series radio firmware rev. 1.2.6",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/communications/wireless.htm"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2022-24119",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "summary",
"text": "iNET/iNET II series radios allow unauthenticated local and network access to the device configuration shell.CVE-2022-24119 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24119"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "iNET/iNET II series radio firmware rev.8.3.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
},
{
"category": "mitigation",
"details": "SD series radio firmware rev. 6.4.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
},
{
"category": "vendor_fix",
"details": "TD220X series radio firmware rev. 2.0.16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "TD220MAX series radio firmware rev. 1.2.6",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/communications/wireless.htm"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2022-24116",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability identifies a weakness in the wireless security software and chipset implementations in iNET/iNET II series radios.CVE-2022-24116 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24116"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "iNET/iNET II series radio firmware rev.8.3.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
},
{
"category": "mitigation",
"details": "SD series radio firmware rev. 6.4.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
},
{
"category": "vendor_fix",
"details": "TD220X series radio firmware rev. 2.0.16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "TD220MAX series radio firmware rev. 1.2.6",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/communications/wireless.htm"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2022-24118",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A feature can allow the use of an authentication code to cause iNET/iNET II, SD, TD220X, and TD220MAX series radios to reset back to the factory default configuration and reboot.CVE-2022-24118 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24118"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "iNET/iNET II series radio firmware rev.8.3.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
},
{
"category": "mitigation",
"details": "SD series radio firmware rev. 6.4.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
},
{
"category": "vendor_fix",
"details": "TD220X series radio firmware rev. 2.0.16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "TD220MAX series radio firmware rev. 1.2.6",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/communications/wireless.htm"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2022-24120",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "summary",
"text": "iNET and iNET II series radios store credentials in plaintext on the system flash memory.CVE-2022-24120 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24120"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "iNET/iNET II series radio firmware rev.8.3.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
},
{
"category": "mitigation",
"details": "SD series radio firmware rev. 6.4.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
},
{
"category": "vendor_fix",
"details": "TD220X series radio firmware rev. 2.0.16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "TD220MAX series radio firmware rev. 1.2.6",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/communications/wireless.htm"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2022-24117",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"notes": [
{
"category": "summary",
"text": "There is no cryptographic signature to verify authenticity of firmware.CVE-2022-24117 has been assigned to this vulnerability. A CVSS v3 base score of 8.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24117"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "iNET/iNET II series radio firmware rev.8.3.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII\u0026type=21"
},
{
"category": "mitigation",
"details": "SD series radio firmware rev. 6.4.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=SDseries\u0026type=21"
},
{
"category": "vendor_fix",
"details": "TD220X series radio firmware rev. 2.0.16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "TD220MAX series radio firmware rev. 1.2.6",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/app/resources.aspx?prod=td-series\u0026type=21"
},
{
"category": "mitigation",
"details": "GE also recommends the use of other protections inside the radio such as MAC address allow-listing, IEEE 802.1x authentication, or encrypt traffic at the application level with protocols such as HTTPS or SSH. GE provides additional mitigations and information about these vulnerabilities in GE publication number: GES-2021-18 TD220 - GES-2021-17 iNET - GES-2021-16",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.gegridsolutions.com/communications/wireless.htm"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…