cbcvebase.
CVE-2022-24117
published 2022-12-26

CVE-2022-24117: Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7…

PriorityP349critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.35%
27.2th percentile
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

Affected

8 ranges
VendorProductVersion rangeFixed in
geinet_900_firmware< 8.3.08.3.0
geinet_ii_900_firmware< 8.3.08.3.0
gesd1_firmware<= 6.4.7
gesd2_firmware< 6.4.76.4.7
gesd4_firmware< 6.4.76.4.7
gesd9_firmware< 6.4.76.4.7
getd220max_firmware< 1.2.61.2.6
getd220x_firmware< 2.0.162.0.16
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.