Description
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
References (1)
Core 1
Core References
Patch, Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
Scores
CVSS v3
9.1
EPSS
0.0063
EPSS Percentile
45.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-400
Status
published
Products (8)
ge/inet_900_firmware
< 8.3.0
ge/inet_ii_900_firmware
< 8.3.0
ge/sd1_firmware
< 6.4.7
ge/sd2_firmware
< 6.4.7
ge/sd4_firmware
< 6.4.7
ge/sd9_firmware
< 6.4.7
ge/td220max_firmware
< 1.2.6
ge/td220x_firmware
< 2.0.16
Published
Dec 26, 2022
Tracked Since
Feb 18, 2026