Lucene search

[email protected]NVD:CVE-2022-24120

HistoryDec 26, 2022 - 5:15 a.m.

CVE-2022-24120

2022-12-2605:15:11

CWE-312

[email protected]

web.nvd.nist.gov

general electric

renewable energy

cleartext credentials

flash memory

inet

inet ii

version 8.3.0

cve-2022-24120

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

25.3%

JSON

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

Affected configurations

Nvd

Node

geinet_900_firmwareRange<8.3.0

AND

geinet_900Match-

Node

geinet_ii_900_firmwareRange<8.3.0

AND

geinet_ii_900Match-

Node

gesd1_firmwareRange≤6.4.7

AND

gesd1Match-

Node

gesd2_firmwareRange<6.4.7

AND

gesd2Match-

Node

gesd4_firmwareRange<6.4.7

AND

gesd4Match-

Node

gesd9_firmwareRange<6.4.7

AND

gesd9Match-

Node

getd220max_firmwareRange<1.2.6

AND

getd220maxMatch-

Node

getd220x_firmwareRange<2.0.16

AND

getd220xMatch-

VendorProductVersionCPE
geinet_900_firmware*cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:*
geinet_900-cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:*
geinet_ii_900_firmware*cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:*
geinet_ii_900-cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:*
gesd1_firmware*cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:*
gesd1-cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:*
gesd2_firmware*cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:*
gesd2-cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:*
gesd4_firmware*cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:*
gesd4-cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ge	inet_900_firmware	*	cpe:2.3:o:ge:inet_900_firmware::::::::
ge	inet_900	-	cpe:2.3:h:ge:inet_900:-:::::::*
ge	inet_ii_900_firmware	*	cpe:2.3:o:ge:inet_ii_900_firmware::::::::
ge	inet_ii_900	-	cpe:2.3:h:ge:inet_ii_900:-:::::::*
ge	sd1_firmware	*	cpe:2.3:o:ge:sd1_firmware::::::::
ge	sd1	-	cpe:2.3:h:ge:sd1:-:::::::*
ge	sd2_firmware	*	cpe:2.3:o:ge:sd2_firmware::::::::
ge	sd2	-	cpe:2.3:h:ge:sd2:-:::::::*
ge	sd4_firmware	*	cpe:2.3:o:ge:sd4_firmware::::::::
ge	sd4	-	cpe:2.3:h:ge:sd4:-:::::::*

Rows per page:

1-10 of 161

References

www.cisa.gov/uscert/ics/advisories/icsa-22-090-06

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

25.3%

JSON

Related for NVD:CVE-2022-24120

prion1 cvelist1 cve1 ics1