CVE-2022-24120

MEDIUM

General Electric Renewable Energy <8.3.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

References (1)

Core 1
Core References
Patch, Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06

Scores

CVSS v3 4.6
EPSS 0.0018
EPSS Percentile 8.0%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-312
Status published
Products (8)
ge/inet_900_firmware < 8.3.0
ge/inet_ii_900_firmware < 8.3.0
ge/sd1_firmware < 6.4.7
ge/sd2_firmware < 6.4.7
ge/sd4_firmware < 6.4.7
ge/sd9_firmware < 6.4.7
ge/td220max_firmware < 1.2.6
ge/td220x_firmware < 2.0.16
Published Dec 26, 2022
Tracked Since Feb 18, 2026