CVE-2022-24118
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
26/12/2022
Last modified:
12/04/2025
Description
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ge:inet_900_firmware:*:*:*:*:*:*:*:* | 8.3.0 (excluding) | |
| cpe:2.3:h:ge:inet_900:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:inet_ii_900_firmware:*:*:*:*:*:*:*:* | 8.3.0 (excluding) | |
| cpe:2.3:h:ge:inet_ii_900:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:sd1_firmware:*:*:*:*:*:*:*:* | 6.4.7 (including) | |
| cpe:2.3:h:ge:sd1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:sd2_firmware:*:*:*:*:*:*:*:* | 6.4.7 (excluding) | |
| cpe:2.3:h:ge:sd2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:sd4_firmware:*:*:*:*:*:*:*:* | 6.4.7 (excluding) | |
| cpe:2.3:h:ge:sd4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:sd9_firmware:*:*:*:*:*:*:*:* | 6.4.7 (excluding) | |
| cpe:2.3:h:ge:sd9:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:td220max_firmware:*:*:*:*:*:*:*:* | 1.2.6 (excluding) | |
| cpe:2.3:h:ge:td220max:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ge:td220x_firmware:*:*:*:*:*:*:*:* | 2.0.16 (excluding) |
To consult the complete list of CPE names with products and versions, see this page