CVE-2022-24119

Name of the Vulnerable Software and Affected Versions General Electric Renewable Energy iNET versions prior to 8.3.0 General Electric Renewable Energy iNET II versions prior to 8.3.0

Description The issue is related to the presence of undocumented configuration commands in the software of General Electric Renewable Energy's iNET and iNET II products. This allows a remote attacker to gain full access to the application and compromise the target system. The vulnerability is associated with a hidden feature for unauthenticated remote access to the device configuration shell.

Recommendations For General Electric Renewable Energy iNET versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. For General Electric Renewable Energy iNET II versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the device configuration shell until a patch is available.