Common Weakness Enumeration

CWE-337

Allowed

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Abstraction: Variant · Status: Draft

A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.

23 vulnerabilities reference this CWE, most recent first.

CVE-2026-26018 (GCVE-0-2026-26018)

Vulnerability from cvelistv5 – Published: 2026-03-06 15:35 – Updated: 2026-07-15 01:15
VLAI
Title
CoreDNS Loop Detection Denial of Service Vulnerability
Summary
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
  • CWE-770 - Allocation of Resources Without Limits or Throttling
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-1241 - Use of Predictable Algorithm in Random Number Generator
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T16:07:22.371186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T16:07:31.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:acm:2.13::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhacm2/lighthouse-agent-rhel9",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782924920",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:acm:2.13::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhacm2/lighthouse-coredns-rhel9",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782924937",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:acm:2.14::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhacm2/lighthouse-agent-rhel9",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1780204232",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:acm:2.14::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhacm2/lighthouse-coredns-rhel9",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1780204249",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:acm:2.15::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhacm2/lighthouse-coredns-rhel9",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1774086225",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:connectivity_link:1"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcl-1/coredns-rhel9",
            "product": "Red Hat Connectivity Link 1",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "unaffected",
            "packageName": "openshift4/ose-coredns-rhel9",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-03-06T15:35:50.801Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1241",
                "description": "Use of Predictable Algorithm in Random Number Generator",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:15:33.876Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-26018"
          },
          {
            "name": "RHBZ#2445242",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26018.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:36873"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25127"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8151"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:36873: Red Hat Advanced Cluster Management for Kubernetes 2.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-06T16:01:38.150Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-03-06T15:35:50.801Z",
            "value": "Made public."
          }
        ],
        "title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "coredns",
          "vendor": "coredns",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T15:35:50.801Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
        },
        {
          "name": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
        }
      ],
      "source": {
        "advisory": "GHSA-h75p-j8xm-m278",
        "discovery": "UNKNOWN"
      },
      "title": "CoreDNS Loop Detection Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26018",
    "datePublished": "2026-03-06T15:35:50.801Z",
    "dateReserved": "2026-02-09T21:36:29.554Z",
    "dateUpdated": "2026-07-15T01:15:33.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25235 (GCVE-0-2026-25235)

Vulnerability from cvelistv5 – Published: 2026-02-03 18:29 – Updated: 2026-02-04 20:34
VLAI
Title
PEAR Has a Predictable Verification Hash in Election Account Requests
Summary
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
Vendor Product Version
pear pearweb Affected: < 1.33.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T20:34:51.725693Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T20:34:59.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pearweb",
          "vendor": "pear",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.33.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-03T18:29:39.698Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pear/pearweb/security/advisories/GHSA-477r-4cmw-3cgf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pear/pearweb/security/advisories/GHSA-477r-4cmw-3cgf"
        }
      ],
      "source": {
        "advisory": "GHSA-477r-4cmw-3cgf",
        "discovery": "UNKNOWN"
      },
      "title": "PEAR Has a Predictable Verification Hash in Election Account Requests"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25235",
    "datePublished": "2026-02-03T18:29:39.698Z",
    "dateReserved": "2026-01-30T14:44:47.328Z",
    "dateUpdated": "2026-02-04T20:34:59.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62710 (GCVE-0-2025-62710)

Vulnerability from cvelistv5 – Published: 2025-10-22 22:19 – Updated: 2025-10-24 18:28
VLAI
Title
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Summary
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
Vendor Product Version
sakaiproject sakai Affected: < 23.5
Affected: < 25.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62710",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-23T15:37:06.777893Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-23T15:38:10.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sakai",
          "vendor": "sakaiproject",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 23.5"
            },
            {
              "status": "affected",
              "version": "\u003c 25.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non\u2011cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at\u2011rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-24T18:28:07.317Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86"
        },
        {
          "name": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04"
        }
      ],
      "source": {
        "advisory": "GHSA-gr7h-xw4f-wh86",
        "discovery": "UNKNOWN"
      },
      "title": "Sakai kernel-impl: predictable PRNG used to generate server\u2011side encryption key in EncryptionUtilityServiceImpl"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62710",
    "datePublished": "2025-10-22T22:19:21.106Z",
    "dateReserved": "2025-10-20T19:41:22.739Z",
    "dateUpdated": "2025-10-24T18:28:07.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55069 (GCVE-0-2025-55069)

Vulnerability from cvelistv5 – Published: 2025-09-23 22:15 – Updated: 2025-09-24 14:07
VLAI
Title
AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator
Summary
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator
Assigner
Date Public
2025-09-23 16:00
Credits
Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-24T14:06:23.215875Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-24T14:07:59.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CLICK PLUS C0-0x CPU firmware",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThan": "v3.71",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CLICK PLUS C0-1x CPU firmware",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThan": "v3.71",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CLICK PLUS C2-x CPU firmware",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThan": "v3.71",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct."
        }
      ],
      "datePublic": "2025-09-23T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T22:15:46.833Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01"
        },
        {
          "url": "https://www.automationdirect.com/support/software-downloads"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAutomationDirect recommends that users update CLICK PLUS and firmware to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/support/software-downloads\"\u003eV3.80.\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:\u003c/p\u003e\u003cul\u003e\u003cli\u003eNetwork Isolation \u2013 Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eSecure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eAccess Control \u2013 Restrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eApplication Whitelisting \u2013 Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eEndpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eLogging \u0026amp; Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eBackup \u0026amp; Recovery \u2013 Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eOngoing Risk Assessment \u2013 Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AutomationDirect recommends that users update CLICK PLUS and firmware to  V3.80. https://www.automationdirect.com/support/software-downloads \n\nIf the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:\n\n  *  Network Isolation \u2013 Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n  *  Secure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Access Control \u2013 Restrict both physical and logical access to authorized personnel only.\n  *  Application Whitelisting \u2013 Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n  *  Endpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Logging \u0026 Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Backup \u0026 Recovery \u2013 Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n  *  Ongoing Risk Assessment \u2013 Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
        }
      ],
      "source": {
        "advisory": "ICSA-25-266-01",
        "discovery": "EXTERNAL"
      },
      "title": "AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-55069",
    "datePublished": "2025-09-23T22:15:46.833Z",
    "dateReserved": "2025-09-16T20:09:26.643Z",
    "dateUpdated": "2025-09-24T14:07:59.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20613 (GCVE-0-2025-20613)

Vulnerability from cvelistv5 – Published: 2025-08-12 16:58 – Updated: 2025-08-12 19:22
VLAI
Summary
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • Information Disclosure
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
Impacted products
Vendor Product Version
n/a Intel(R) TDX Affected: See references
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20613",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T19:22:09.607908Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T19:22:19.332Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) TDX",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-337",
              "description": "Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T16:58:20.129Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01312.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01312.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20613",
    "datePublished": "2025-08-12T16:58:20.129Z",
    "dateReserved": "2025-01-08T04:00:28.773Z",
    "dateUpdated": "2025-08-12T19:22:19.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7770 (GCVE-0-2025-7770)

Vulnerability from cvelistv5 – Published: 2025-08-06 20:45 – Updated: 2025-08-07 14:49
VLAI
Title
Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
Summary
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
Vendor Product Version
Tigo Energy Cloud Connect Advanced Affected: 0 , ≤ 4.0.1 (custom)
Create a notification for this product.
Credits
Anthony Rose of BC Security Jacob Krasnov of BC Security Peter Kariuki of Ovanova
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-07T14:48:51.061697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-07T14:49:00.875Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud Connect Advanced",
          "vendor": "Tigo Energy",
          "versions": [
            {
              "lessThanOrEqual": "4.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Anthony Rose of BC Security"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jacob Krasnov of BC Security"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Peter Kariuki of Ovanova"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\u003c/p\u003e\u003cp\u003eTigo Energy\u0027s CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Tigo Energy\u0027s CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-06T20:45:06.780Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.\u003cbr\u003e\u003cbr\u003eVisit Tigo Energy\u0027s Help Center for more specific security recommendations.\u003cbr\u003e"
            }
          ],
          "value": "Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.\n\nVisit Tigo Energy\u0027s Help Center for more specific security recommendations."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-7770",
    "datePublished": "2025-08-06T20:45:06.780Z",
    "dateReserved": "2025-07-17T15:44:01.345Z",
    "dateUpdated": "2025-08-07T14:49:00.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22194 (GCVE-0-2024-22194)

Vulnerability from cvelistv5 – Published: 2024-01-11 02:21 – Updated: 2025-06-03 14:25
VLAI
Title
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Summary
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-215 - Insertion of Sensitive Information Into Debugging Code
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
Impacted products
Vendor Product Version
Cyber-Domain-Ontology CDO-Utility-Local-UUID Affected: = 0.4.0
Affected: = 0.5.0
Affected: = 0.6.0
Affected: = 0.7.0
Affected: = 0.8.0
Affected: = 0.9.0
Affected: = 0.10.0
Affected: = 0.11.0
Affected: = 0.12.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882"
          },
          {
            "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3"
          },
          {
            "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4"
          },
          {
            "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452"
          },
          {
            "name": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22194",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T20:11:54.538835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:25:30.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CDO-Utility-Local-UUID",
          "vendor": "Cyber-Domain-Ontology",
          "versions": [
            {
              "status": "affected",
              "version": "= 0.4.0"
            },
            {
              "status": "affected",
              "version": "= 0.5.0"
            },
            {
              "status": "affected",
              "version": "= 0.6.0"
            },
            {
              "status": "affected",
              "version": "= 0.7.0"
            },
            {
              "status": "affected",
              "version": "= 0.8.0"
            },
            {
              "status": "affected",
              "version": "= 0.9.0"
            },
            {
              "status": "affected",
              "version": "= 0.10.0"
            },
            {
              "status": "affected",
              "version": "= 0.11.0"
            },
            {
              "status": "affected",
              "version": "= 0.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-215",
              "description": "CWE-215: Insertion of Sensitive Information Into Debugging Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T02:21:53.758Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882"
        },
        {
          "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3"
        },
        {
          "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4"
        },
        {
          "name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452"
        },
        {
          "name": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509"
        }
      ],
      "source": {
        "advisory": "GHSA-rgrf-6mf5-m882",
        "discovery": "UNKNOWN"
      },
      "title": "cdo-local-uuid vulnerable to insertion of artifact derived from developer\u0027s Present Working Directory into demonstration code"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-22194",
    "datePublished": "2024-01-11T02:21:53.758Z",
    "dateReserved": "2024-01-08T04:59:27.371Z",
    "dateUpdated": "2025-06-03T14:25:30.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7558 (GCVE-0-2024-7558)

Vulnerability from cvelistv5 – Published: 2024-10-02 10:06 – Updated: 2024-10-02 13:59
VLAI
Summary
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
  • CWE-340 - Generation of Predictable Numbers or Identifiers
  • CWE-1391 - Use of Weak Credentials
Assigner
References
Impacted products
Vendor Product Version
Canonical Ltd. Juju Affected: 3.5 , < 3.5.4 (semver)
Affected: 3.4 , < 3.4.6 (semver)
Affected: 3.3 , < 3.3.7 (semver)
Affected: 3.1 , < 3.1.10 (semver)
Affected: 2.9 , < 2.9.51 (semver)
Create a notification for this product.
Credits
Harry Pidcock Harry Pidcock Mark Esler
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T13:58:28.823188Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T13:59:04.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "juju",
          "platforms": [
            "Linux"
          ],
          "product": "Juju",
          "repo": "https://github.com/juju/juju",
          "vendor": "Canonical Ltd.",
          "versions": [
            {
              "lessThan": "3.5.4",
              "status": "affected",
              "version": "3.5",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.6",
              "status": "affected",
              "version": "3.4",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.10",
              "status": "affected",
              "version": "3.1",
              "versionType": "semver"
            },
            {
              "lessThan": "2.9.51",
              "status": "affected",
              "version": "2.9",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Harry Pidcock"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Harry Pidcock"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Mark Esler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1391",
              "description": "CWE-1391: Use of Weak Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-02T10:06:31.098Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7558"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-7558",
    "datePublished": "2024-10-02T10:06:31.098Z",
    "dateReserved": "2024-08-06T13:45:13.579Z",
    "dateUpdated": "2024-10-02T13:59:04.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49343 (GCVE-0-2023-49343)

Vulnerability from cvelistv5 – Published: 2023-12-14 21:31 – Updated: 2024-08-02 21:53
VLAI
Summary
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Assigner
Impacted products
Vendor Product Version
Ubuntu Budgie Budgie Extras Affected: v1.4.0 , < v1.7.1 (semver)
Create a notification for this product.
Date Public
2023-12-14 00:00
Credits
Sam Lane David Mohammed
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:53:44.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-6556-1"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "budgie-extras",
          "platforms": [
            "Linux"
          ],
          "product": "Budgie Extras",
          "vendor": "Ubuntu Budgie",
          "versions": [
            {
              "lessThan": "v1.7.1",
              "status": "affected",
              "version": "v1.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "Sam Lane"
        },
        {
          "lang": "en",
          "type": "remediation verifier",
          "value": "David Mohammed"
        }
      ],
      "datePublic": "2023-12-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-14T21:31:00.844Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-6556-1"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2023-49343",
    "datePublished": "2023-12-14T21:31:00.844Z",
    "dateReserved": "2023-11-27T03:17:52.865Z",
    "dateUpdated": "2024-08-02T21:53:44.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-40267 (GCVE-0-2022-40267)

Vulnerability from cvelistv5 – Published: 2023-01-20 07:52 – Updated: 2024-08-03 12:14
VLAI
Title
Authentication Bypass Vulnerability in Web Server Function on MELSEC Series
Summary
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ES Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ES Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Seres FX5U-80MT/ES Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/ES Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/ES Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/ES Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/DS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/DS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/DS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ESS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ESS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/ESS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DSS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DSS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DSS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/D Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/D Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/D Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/DSS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/DSS Affected: serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS Affected: versions 1.280 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS Affected: versions 1.280 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS Affected: versions 1.280 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R00CPU Affected: versions 33 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R01CPU Affected: versions 33 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R02CPU Affected: versions 33 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R04CPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R08CPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R16CPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R32CPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R120CPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R04ENCPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R08ENCPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R16ENCPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R32ENCPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R120ENCPU Affected: versions 66 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ESS Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ESS Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ESS Affected: 1.042 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES-A Affected: 1.043 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES-A Affected: 1.043 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES-A Affected: 1.043 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES-A Affected: 1.043 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES-A Affected: 1.043 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES-A Affected: 1.043 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MR/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MR/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MR/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MR/ES Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ESS Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ESS Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ESS Affected: 1.003 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ESS Affected: 1.003 and prior
Create a notification for this product.
mitsubishielectric fx5u-80mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5u-80mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5u-32mt\/dss_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5u-32mt\/dss_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5u-64mt\/dss_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5u-64mt\/dss_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5u-80mt\/dss_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5u-80mt\/dss_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-32mt\/d_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/d_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-64mt\/d_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/d_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-96mt\/d_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/d_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-32mt\/dss_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-64mt\/dss_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/dss_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-96mt\/dss_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/dss_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-32mt\/ds-ts_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/ds-ts_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-32mt\/dss-ts_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss-ts_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uc-32mr\/ds-ts_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uc-32mr\/ds-ts_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r00cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r01cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r02cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r04cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r08cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r16cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r32cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r120cpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r04encpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r08encpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r16encpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r32encpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric r120encpu_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-24mt\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-40mt\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-60mt\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-24mr\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-40mr\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-60mr\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-24mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-40mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-60mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-24mt\/es-a_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es-a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-40mt\/es-a_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es-a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-60mt\/es-a_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es-a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-24mr\/es-a_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es-a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-40mr\/es-a_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es-a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5uj-60mr\/es-a_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es-a_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-30mt\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-30mt\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-40mt\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-40mt\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-60mt\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-60mt\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-80mt\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-80mt\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-30mr\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-30mr\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-40mr\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-40mr\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-60mr\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-60mr\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-80mr\/es_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-80mr\/es_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-30mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-30mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-40mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-40mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-60mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-60mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric fx5s-80mt\/ess_firmware Affected: 0 , ≤ 1.042 (custom)
    cpe:2.3:o:mitsubishielectric:fx5s-80mt\/ess_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:39.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1646"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU99673580/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5u-80mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5u-32mt\\/dss_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5u-32mt\\/dss_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5u-64mt\\/dss_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5u-64mt\\/dss_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/dss_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5u-80mt\\/dss_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-32mt\\/d_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/d_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-64mt\\/d_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/d_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-96mt\\/d_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-32mt\\/dss_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/dss_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-64mt\\/dss_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/dss_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-96mt\\/dss_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-32mt\\/ds-ts_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-32mt\\/dss-ts_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uc-32mr\\/ds-ts_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r00cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r01cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r02cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r04cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r08cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r16cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r32cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r120cpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r04encpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r08encpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r16encpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r32encpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r120encpu_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-24mt\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-40mt\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-60mt\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-24mr\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-40mr\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-60mr\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-24mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-40mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-60mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-24mt\\/es-a_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-40mt\\/es-a_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-60mt\\/es-a_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-24mr\\/es-a_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-40mr\\/es-a_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5uj-60mr\\/es-a_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-30mt\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-40mt\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-60mt\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-80mt\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-30mr\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-30mr\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-40mr\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-40mr\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-60mr\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-60mr\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-80mr\\/es_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-80mr\\/es_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-30mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-40mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-60mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/ess_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fx5s-80mt\\/ess_firmware",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "1.042",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40267",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T16:29:24.302691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:23:35.219Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Seres FX5U-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-64MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-96MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-96MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "serial number 17X**** or later, and versions 1.280 and prior"
            },
            {
              "status": "affected",
              "version": "serial number 179**** and prior, and versions 1.074 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 1.280 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DSS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 1.280 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MR/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 1.280 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R00CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 33 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R01CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 33 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R02CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 33 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R04CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R08CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R16CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R32CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R120CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R04ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R08ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R16ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R32ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R120ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 66 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.042 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.043 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.043 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.043 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.043 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.043 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.043 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.003 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers."
            }
          ],
          "value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG) ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T03:55:27.038Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
        },
        {
          "url": "https://jvn.jp/vu/JVNVU99673580/index.html"
        },
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass Vulnerability in Web Server Function on MELSEC Series",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2022-40267",
    "datePublished": "2023-01-20T07:52:56.784Z",
    "dateReserved": "2022-09-08T19:40:16.931Z",
    "dateUpdated": "2024-08-03T12:14:39.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Use non-predictable inputs for seed generation.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.

Mitigation MIT-50
Implementation

Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.

No CAPEC attack patterns related to this CWE.