CVE-2022-24120

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions General Electric Renewable Energy iNET versions prior to 8.3.0 General Electric Renewable Energy iNET II versions prior to 8.3.0

Description The issue is related to the storage of passwords in cleartext. This allows an attacker to view the contents of the configuration file and gain access to passwords. The problem affects certain General Electric Renewable Energy products, where cleartext credentials are stored in flash memory.

Recommendations For General Electric Renewable Energy iNET versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. For General Electric Renewable Energy iNET II versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312CWE-256

Related Identifiers

BDU:2022-04711

CVE-2022-24120

Affected Products

Inet

Inet Ii

CVE-2022-24120

Weakness Enumeration

Related Identifiers

Affected Products

References · 8