CVE-2022-24117

CRITICAL

General Electric Renewable Energy - Info Disclosure

Title source: llm

Description

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

References (1)

[Patch, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-494

Status published

Products (8)

ge/inet_900_firmware < 8.3.0

ge/inet_ii_900_firmware < 8.3.0

ge/sd1_firmware < 6.4.7

ge/sd2_firmware < 6.4.7

ge/sd4_firmware < 6.4.7

ge/sd9_firmware < 6.4.7

ge/td220max_firmware < 1.2.6

ge/td220x_firmware < 2.0.16

Published Dec 26, 2022

Tracked Since Feb 18, 2026