CVE-2022-24116

CRITICAL

General Electric Renewable Energy <8.3.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.

References (1)

Scores

CVSS v3 9.8
EPSS 0.0008
EPSS Percentile 23.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-326 CWE-325
Status published
Products (8)
ge/inet_900_firmware < 8.3.0
ge/inet_ii_900_firmware < 8.3.0
ge/sd1_firmware < 6.4.7
ge/sd2_firmware < 6.4.7
ge/sd4_firmware < 6.4.7
ge/sd9_firmware < 6.4.7
ge/td220max_firmware < 1.2.6
ge/td220x_firmware < 2.0.16
Published Dec 26, 2022
Tracked Since Feb 18, 2026