General Electric Renewable Energy MDS iNET and iNET II Radios backdoor | CVE-2022-24119
NAME
General Electric Renewable Energy MDS iNET and iNET II Radios backdoor
- Platforms Affected:
General Electric Renewable Energy MDS iNET 8.2.9
General Electric Renewable Energy MDS iNET II 8.2.9
General Electric Renewable Energy SD 6.4.6
General Electric Renewable Energy TD220 2.0.15
General Electric Renewable Energy TD220MAX 1.2.5
- Risk Level:
10
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
General Electric Renewable Energy MDS iNET and iNET II Radios contain an undocumented backdoor account. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to gain access to the device configuration shell.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of MDS iNET and iNET II Radios (8.3.0 or later), available from the General Electric Renewable Energy Web site. See References.
- Reference Link:
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
- Reference Link:
https://www.gegridsolutions.com/app/resources.aspx?prod=iNETII&type=21