General Electric Renewable Energy MDS iNET and iNET II, SD, TD220, TD220MAX Radios code execution | CVE-2022-24117
NAME
General Electric Renewable Energy MDS iNET and iNET II, SD, TD220, TD220MAX Radios code execution
- Platforms Affected:
General Electric Renewable Energy MDS iNET 8.2.9
General Electric Renewable Energy MDS iNET II 8.2.9
General Electric Renewable Energy SD 6.4.6
General Electric Renewable Energy TD220 2.0.15
General Electric Renewable Energy TD220MAX 1.2.5
- Risk Level:
8.4
- Exploitability:
Unproven
- Consequences:
Obtain Information
DESCRIPTION
General Electric Renewable Energy MDS iNET and iNET II, SD, TD220, TD220MAX Radios could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper verification of cryptographic signature authenticity. By sending a specially-crafted request, an attacker could exploit this vulnerability to install a malicious firmware package.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of MDS iNET and iNET II, SD, TD220, TD220MAX Radios (8.3.0, 6.4.7, 2.0.16, 1.2.6 respectively, or later), available from the General Electric Renewable Energy Web site. See References.
- Reference Link:
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06
- Reference Link:
https://www.gegridsolutions.com/app/resources.aspx?prod=td-series&type=21