CVE-2022-24118
Severity: CRITICAL (CVSS 9.1)
WAF coverage: Medium
Published: 2022-12-26
CWE-400
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ge | inet_900_firmware | up to 8.3.0 |
| ge | inet_ii_900_firmware | up to 8.3.0 |
| ge | sd1_firmware | up to 6.4.7 |
| ge | sd2_firmware | up to 6.4.7 |
| ge | sd4_firmware | up to 6.4.7 |
| ge | sd9_firmware | up to 6.4.7 |
| ge | td220max_firmware | up to 1.2.6 |
| ge | td220x_firmware | up to 2.0.16 |
References
- www.cisa.gov (Patch, Third Party Advisory, US Government Resource)