Multiple vulnerabilities in General Electric Renewable Energy MDS Radios

Published: 2022-04-04

Security Bulletin


This security bulletin contains information about 5 vulnerabilities.



1) Hidden functionality


EUVDB-ID: #VU61817


Risk: High


CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]


CVE-ID: CVE-2022-24119


CWE-ID: CWE-912 - Hidden Functionality (Backdoor)


Exploit availability: No


Description

The vulnerability allows a remote attacker to compromise the vulnerable system.


The vulnerability exists because hidden functionality (a backdoor) is present in the software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.


Mitigation

Install updates from the vendor's website.


Vulnerable software versions

iNET: before 8.3.0


iNET II: before 8.3.0



External links

http://ics-cert.us-cert.gov/advisories/icsa-22-090-06


Q & A


Can this vulnerability be exploited remotely?


Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.


Is there known malware that exploits this vulnerability?


No. We are not aware of malware exploiting this vulnerability.



