Vulnerabilites related to mitsubishielectric - fx5uj
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."
},
{
"lang": "es",
"value": "Vulnerabilidad en el uso del hash de la contrase\u00f1a en lugar de la contrase\u00f1a para la autenticaci\u00f3n en Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU todas las versiones, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R04/08/16/32/120(ES)CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GN11-T2 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GN11-EIP todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC Q serie Q03UDECPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/10/13/20/26/50/100UDEHCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie QJ71C24N(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC Q serie QJ71E71-100 todas las versiones, Mitsubishi Electric MELSEC Q serie QJ72BR15 todas las versiones, Mitsubishi Electric MELSEC Q serie QJ72LP25(-25/G/GE) todas las versiones, Mitsubishi Electric MELSEC serie L L02/06/26CPU(-P) todas las versiones, Mitsubishi Electric MELSEC serie L L26CPU-(P)BT todas las versiones, Mitsubishi Electric MELSEC serie L LJ71C24(-R2) todas las versiones, Mitsubishi Electric MELSEC serie L LJ71E71-100 todas las versiones y Mitsubishi Electric MELSEC serie L LJ72GF15-T2 todas las versiones permiten que un atacante remoto no autenticado inicie sesi\u00f3n en el producto reproduciendo un hash de contrase\u00f1a interceptado"
}
],
"id": "CVE-2022-25155",
"lastModified": "2024-11-21T06:51:42.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.060",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user\u0027s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user\u2019s system."
},
{
"lang": "es",
"value": "Vulnerabilidad de almacenamiento de texto claro de informaci\u00f3n sensible en la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5U(C) todas las versiones, la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5UJ todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R00/01/02CPU todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R04/08/16/32/120(ES)todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R16/32/64MTCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) todas las versiones y Mitsubishi Electric MELSEC Q series QJ71E71-100 todas las versiones permite a un atacante remoto no autenticado revelar un archivo en el producto de un usuario leg\u00edtimo utilizando informaci\u00f3n en texto claro previamente escuchada y falsificar el sistema de un usuario leg\u00edtimo"
}
],
"id": "CVE-2022-25160",
"lastModified": "2024-11-21T06:51:43.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.427",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash."
},
{
"lang": "es",
"value": "Uso de la vulnerabilidad Weak Hash en Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU todas las versiones, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R04/08/16/32/120(ES)CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC serie iQ-R RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC serie Q Q03UDECPU todas las versiones, Mitsubishi Electric MELSEC serie Q04/06/10/13/20/26/50/100UDEHCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie QJ71C24N(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC Q series QJ71E71-100 todas las versiones, Mitsubishi Electric MELSEC Q series QJ72BR15 todas las versiones, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) todas las versiones, Mitsubishi Electric MELSEC serie L L02/06/26CPU(-P) todas las versiones, Mitsubishi Electric MELSEC serie L L26CPU-(P)BT todas las versiones, Mitsubishi Electric MELSEC serie L LJ71C24(-R2) todas las versiones, Mitsubishi Electric MELSEC serie L LJ71E71-100 todas las versiones y Mitsubishi Electric MELSEC serie L LJ72GF15-T2 todas las versiones permite a un atacante remoto no autenticado iniciar sesi\u00f3n en el producto utilizando una contrase\u00f1a invertida a partir de un hash de contrase\u00f1a previamente interceptado"
}
],
"id": "CVE-2022-25156",
"lastModified": "2024-11-21T06:51:42.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.253",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext."
},
{
"lang": "es",
"value": "Vulnerabilidad de almacenamiento de texto claro de informaci\u00f3n sensible en la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5U(C) todas las versiones, la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5UJ todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R00/01/02 todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R04/08/16/32/120(ES)todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GF11-T2 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GP21(S)-SX todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC serie Q Q03UDECPU todas las versiones, Mitsubishi Electric MELSEC serie Q04/06/10/13/20/26/50/100UDEHCPU todas las versiones, Mitsubishi Electric MELSEC serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC Q series QJ71E71-100 todas las versiones, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) todas las versiones, Mitsubishi Electric MELSEC L series L26CPU-(P)BT todas las versiones, Mitsubishi Electric MELSEC L series LJ71C24(-R2) todas las versiones, Mitsubishi Electric MELSEC L series LJ71E71-100 todas las versiones y Mitsubishi Electric MELSEC L series LJ72GF15-T2 todas las versiones permiten a un atacante remoto revelar o manipular un archivo en el que el hash de la contrase\u00f1a se guarda en texto claro"
}
],
"id": "CVE-2022-25158",
"lastModified": "2024-11-21T06:51:42.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.340",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash."
},
{
"lang": "es",
"value": "Vulnerabilidad en el uso del hash de la contrase\u00f1a en lugar de la contrase\u00f1a para la autenticaci\u00f3n en Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU todas las versiones, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(ES)CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R16/32/64MTCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GF11-T2 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GP21(S)-SX todas las versiones, Mitsubishi Electric MELSEC serie iQ-R RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC serie Q Q03UDECPU todas las versiones, Mitsubishi Electric MELSEC serie Q04/06/10/13/20/26/50/100UDEHCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie QJ71C24N(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC Q serie QJ71E71-100 todas las versiones, Mitsubishi Electric MELSEC serie L L02/06/26CPU(-P) todas las versiones, Mitsubishi Electric MELSEC serie L L26CPU-(P)BT todas las versiones, Mitsubishi Electric MELSEC serie L LJ71C24(-R2) todas las versiones, Mitsubishi Electric MELSEC serie L LJ71E71-100 todas las versiones y Mitsubishi Electric MELSEC serie L LJ72GF15-T2 todas las versiones permiten a un atacante remoto no autenticado revelar o manipular la informaci\u00f3n del producto mediante el uso de un hash de contrase\u00f1a interceptado"
}
],
"id": "CVE-2022-25157",
"lastModified": "2024-11-21T06:51:42.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.297",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack."
},
{
"lang": "es",
"value": "Vulnerabilidad de elusi\u00f3n de autenticaci\u00f3n por captura-repetici\u00f3n en la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5U(C) todas las versiones, la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5UJ todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R00/01/02CPU todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R04/08/16/32/120(ES)todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R16/32/64MTCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) todas las versiones y Mitsubishi Electric MELSEC Q series QJ71E71-100 todas las versiones permiten a un atacante remoto no autenticado iniciar sesi\u00f3n en el producto mediante un ataque de repetici\u00f3n"
}
],
"id": "CVE-2022-25159",
"lastModified": "2024-11-21T06:51:43.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.383",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-30 08:15
Modified
2024-11-21 05:34
Severity ?
Summary
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:cr800-q_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF2A7CBE-E5C3-425E-8B96-68B00D91C78B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:cr800-q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26BB628D-BE6A-493D-8AF3-F0F7C2744D5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx3g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A1590B-D508-4B52-815C-D2B74DE9BB90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx3g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A25D12B9-D2F2-4F42-A227-20B1E65A14CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx3gc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF49EC6-DA86-475E-B67A-50E55F4849B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx3gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D319713C-7222-429B-87E3-3C4BFCD23E85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx3s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC1317A-3E2D-4EC1-B3C8-3535DA9E0F67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BB478B-D589-45A1-9149-3A76941AE4BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx3u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE6315A-D01D-40B4-B1FD-8E9D4B1F7BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx3u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76BD47-E635-48F2-AE04-6682E8AC3766",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx3uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C92EBEF-9479-4E84-9DAF-29D1F9784155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx3uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A879DAAF-F3F5-4800-9C2F-0C6F38EEFC4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00BF039E-A541-4A79-83EC-C5A6779975B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "599F54D9-E6F4-4244-B251-CDA5213654BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l02cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94E9318C-B3FA-43A5-8509-285FD1968D6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l02cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "125482D3-8FA3-4E80-BE4D-29C3C721C624",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l02cpu-p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B0BC24-11B5-4174-8877-966FE4ED959D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC3E9C7-04C0-43F1-99B2-0C2471238A13",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l02scpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "739910FB-4D30-4E48-823A-778390DC7691",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l02scpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC87459F-DB5E-4A5F-BFFC-B2026405F74B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l02scpu-p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0F2373-BC92-42D8-A076-92B6AC32B3AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l02scpu-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61414DA7-87A6-421E-B75D-5D4283B54C41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l06cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B804C2-CF55-42C5-BBE2-2035C1FAEF58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l06cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63C8CF5F-FFDF-4403-96D0-46A7FECAC5E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l06cpu-p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23DAE700-6C44-4DB6-83F0-1FC4C687B8F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l06cpu-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "961B56BC-F78C-44CC-885E-3451DFDF29EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l26cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45C1BC66-A107-4ADA-B0EE-82C71CFEC105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l26cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1884BE8D-FFCD-4089-9F0B-519C8F570FCF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-bt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15080C41-2C1F-46E8-920A-EDAE23E6CCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3966C103-5181-49E3-878F-A0AF9F1DBA76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361DEFFD-40FD-4B5F-ACFC-A62C165D4072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD2A6CD-32DE-49F0-89F4-C130F0809766",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-pbt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3C588A-1BFF-47B5-A658-EAF93F437E8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-pbt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60BE93D-B60D-4F45-ACD3-7B64C0C45D83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q02phcpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02651218-2B85-4991-8379-0EE3B4B8A291",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q02phcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B20D1BF-244D-4053-AF21-8A4940CC07DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q06phcpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02BE0617-11A9-45E8-A08B-C07ED0F13FC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q06phcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "209C8EA9-FCF9-4328-ABFC-39E9AD3DED33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q12dccpu-v_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B24F2C-950F-4629-BBA5-ECE4B54A451A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q12dccpu-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBEC354-7543-4351-AD8F-0A501FF9F3CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q12phcpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1226F70B-39A4-4646-8B4A-366C5AA419C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q12phcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4990FA80-B3FE-4BB5-BBC9-121AD277CEEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q12prhcpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EAE7F3-7923-4D8C-B60A-8391689C1FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q12prhcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4070CA9-B707-4888-B46E-3A158639133B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q172dscpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFFD6EB-DEC6-480B-A291-5EB06E2595DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q172dscpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD93A14A-0E09-4355-82D0-143A959658D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q173dscpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A75998-BB23-4E99-8970-6BFD73207031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q173dscpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "597ED633-B087-46BD-832F-0978A5E1958D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q173nccpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31EF117-F724-4F65-828D-43B6490F1CA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q173nccpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3309D461-6E1F-4742-9864-C1C950EA6E6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q24dhccpu-ls_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D8B0EF-E4A0-49C9-A3A3-2B3853F6A87B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q24dhccpu-ls:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7450DA08-2475-4256-B458-E4164577EF6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q24dhccpu-v_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86321C61-6585-42AC-93AE-3AFE1A304BD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q24dhccpu-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "210A2E8A-BF20-43F5-BA07-CB662833DE1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q24dhccpu-vg2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DAE5B0E-9453-4440-9671-E9CAF2C4D804",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q24dhccpu-vg2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42B8ADB2-9EF6-4B8D-92E6-B06D129DB399",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q25phcpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF11C54C-DB60-4D0E-B427-A751F0EEA933",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q25phcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "329F14BA-2BA2-4C5B-BA00-CFAF007842A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q25prhcpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8999B0E3-8592-490D-8F97-E7A0CF7DD53C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q25prhcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB1653B-A02B-48BA-9393-BF3337D02E33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:q26dhccpu-ls_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99135DCE-0336-45B4-A04A-30EB50A6F96C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:q26dhccpu-ls:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A79557-71AA-466E-9E1E-EEE00B54386A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BAECA77-FAF2-4A92-AEC4-E9CE6E97191E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r00cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A23F21-9C5F-4CB3-BA20-4195B2165D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "509CC970-A464-4B21-9094-2B0C2CE63F4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r01cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CADF6528-4B25-4779-A06F-2C4DF91DAE90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "181FBE97-4AC2-4E5E-B8F3-5990801D2581",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r02cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D753C47-ED9C-453F-AC1F-C50476BE61C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F8AA4E-EA6B-49B8-B370-B4FFEA158C93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r04cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEEF15E-FE32-4610-9E14-891069573E4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A76FE2-43E4-4B70-972B-24D68029686F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5862905-F77D-4DEE-88A8-59893362936F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4C04EE-0130-4CD7-94A0-7E007C166B61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r08cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DAA2202-88D5-4329-BF51-0F18C350C45C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4395FC87-A7E6-4023-A3D7-EE2BE1889214",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B85DAD9-7F5B-4740-94A3-94835D82CE3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0639C212-1596-4B3F-BDA9-722D43119F5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r120cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7D08E-D3D1-48D4-9440-B94B7A2BD662",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E817A24C-8299-428E-B31B-F9921B6677AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "411C7828-D7C7-4B42-82E3-CAC21C15951C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EDB93E-5A80-4874-8B70-4609137E0120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r16cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30016EA0-FB24-4382-8960-6A75D32C9BD7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9C85A1-0CDE-44FF-ACF2-22DCD0D04B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81F7DE17-AA44-4E78-B07B-3D9F641DF445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "140158F4-08B3-4BEF-95DE-28A3C272ABB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r32cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF6EB84-7D97-4606-A90F-9D443CBC4755",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088D771F-0978-4549-A7AA-A90C79BDA5F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9546A301-8039-4D42-B1A2-AAF6C3C17203",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions."
},
{
"lang": "es",
"value": "Cuando el puerto de transmisi\u00f3n de MELSOFT (UDP/IP) de la serie Mitsubishi Electric MELSEC iQ-R (todas las versiones), la serie MELSEC iQ-F (todas las versiones), la serie MELSEC Q (todas las versiones), la serie MELSEC L (todas las versiones) y la serie MELSEC F (todas las versiones), recibe una cantidad masiva de datos por medio de vectores no especificados, un consumo de recursos se presenta y el puerto no procesa los datos apropiadamente. Como resultado, puede caer en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). El proveedor declara que esta vulnerabilidad solo afecta las funciones de comunicaci\u00f3n Ethernet."
}
],
"id": "CVE-2020-5527",
"lastModified": "2024-11-21T05:34:13.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-30T08:15:17.640",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91553662/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91553662/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-25157
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU96577897/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 |
Version: Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Version: Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Version: Mitsubishi Electric MELSEC Q series Q03UDECPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions Version: Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Version: Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Version: Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions Version: Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions Version: Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions Version: Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions Version: Mitsubishi Electric MELSEC L series LJ71E71-100 all versions Version: Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:46:52",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-25157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Password Hash Instead of Password for Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96577897/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-25157",
"datePublished": "2022-04-01T22:17:59",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25160
Vulnerability from cvelistv5
Published
2022-04-01 22:18
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU96577897/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100 |
Version: Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Version: Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Version: Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Version: Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Version: Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user\u0027s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user\u2019s system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:44:05",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-25160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user\u0027s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user\u2019s system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96577897/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-25160",
"datePublished": "2022-04-01T22:18:02",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25155
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU96577897/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 |
Version: Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Version: Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Version: Mitsubishi Electric MELSEC Q series Q03UDECPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions Version: Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Version: Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Version: Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions Version: Mitsubishi Electric MELSEC Q series QJ72BR15 all versions Version: Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions Version: Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions Version: Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions Version: Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions Version: Mitsubishi Electric MELSEC L series LJ71E71-100 all versions Version: Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:29:04",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-25155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Password Hash Instead of Password for Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96577897/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-25155",
"datePublished": "2022-04-01T22:17:58",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25156
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU96577897/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 |
Version: Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Version: Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Version: Mitsubishi Electric MELSEC Q series Q03UDECPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions Version: Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Version: Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Version: Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions Version: Mitsubishi Electric MELSEC Q series QJ72BR15 all versions Version: Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions Version: Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions Version: Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions Version: Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions Version: Mitsubishi Electric MELSEC L series LJ71E71-100 all versions Version: Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Weak Hash",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:32:14",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-25156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Weak Hash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96577897/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-25156",
"datePublished": "2022-04-01T22:17:58",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25158
Vulnerability from cvelistv5
Published
2022-04-01 22:18
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU96577897/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; itsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 |
Version: Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Version: Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Version: Mitsubishi Electric MELSEC Q series Q03UDECPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions Version: Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Version: Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Version: Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions Version: Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions Version: Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions Version: Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions Version: Mitsubishi Electric MELSEC L series LJ71E71-100 all versions Version: Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; itsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:35:52",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-25158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; itsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96577897/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-25158",
"datePublished": "2022-04-01T22:18:01",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25159
Vulnerability from cvelistv5
Published
2022-04-01 22:18
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU96577897/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100 |
Version: Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions Version: Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions Version: Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions Version: Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions Version: Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions Version: Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions Version: Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"status": "affected",
"version": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass by Capture-replay",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:41:25",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-25159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96577897/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-25159",
"datePublished": "2022-04-01T22:18:00",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5527
Vulnerability from cvelistv5
Published
2020-03-30 07:10
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU91553662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Mitsubishi Electric Corporation | MELSOFT transmission port (UDP/IP) of multiple Mitsubishi Electric MELSEC series |
Version: MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91553662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSOFT transmission port (UDP/IP) of multiple Mitsubishi Electric MELSEC series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T07:10:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91553662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSOFT transmission port (UDP/IP) of multiple Mitsubishi Electric MELSEC series",
"version": {
"version_data": [
{
"version_value": "MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions)"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91553662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91553662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5527",
"datePublished": "2020-03-30T07:10:14",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202003-1411
Vulnerability from variot
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R , iQ-F , Q , L , F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company.
Many Mitsubishi Electric products have resource management error vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fx3s",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3gc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3g",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-vg2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q02phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q26dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173nccpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "cr800-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12dccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q06phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-pbt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q172dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r00cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r01cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec l series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec q series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric melsec iq-r series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec iq-f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec q series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec l series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:cr800-q_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:cr800-q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3g_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx3g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3gc_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx3gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx3s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3u_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx3u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3uc_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx3uc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5u_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l02cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l02cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l02cpu-p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l02scpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l02scpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l02scpu-p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l02scpu-p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l06cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l06cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l06cpu-p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l06cpu-p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l26cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l26cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l26cpu-bt_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l26cpu-p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l26cpu-p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:l26cpu-pbt_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:l26cpu-pbt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q02phcpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q02phcpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q06phcpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q06phcpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q12dccpu-v_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q12dccpu-v:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q12phcpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q12phcpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q12prhcpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q12prhcpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q172dscpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q172dscpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q173dscpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q173dscpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q173nccpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q173nccpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q24dhccpu-ls_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q24dhccpu-ls:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q24dhccpu-v_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q24dhccpu-v:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q24dhccpu-vg2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q24dhccpu-vg2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q25phcpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q25phcpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q25prhcpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q25prhcpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:q26dhccpu-ls_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:q26dhccpu-ls:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r00cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r01cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r02cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r04cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r08cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r120cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r16cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r32cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"cve": "CVE-2020-5527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29576",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-002958",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R \uff0c iQ-F \uff0c Q \uff0c L \uff0c F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company. \n\r\n\r\nMany Mitsubishi Electric products have resource management error vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5527",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91553662",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-091-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1157",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
]
},
"id": "VAR-202003-1411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
]
},
"last_update_date": "2023-12-18T11:53:22.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSOFT\u4ea4\u4fe1\u30dd\u30fc\u30c8\uff08UDP/IP\uff09\u306b\u304a\u3051\u308b\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-005.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu91553662/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5527"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91553662/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5527"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1157/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-03-30T08:15:17.640000",
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"date": "2020-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-04-07T13:49:38.617000",
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"date": "2020-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC Of the series MELSOFT Resource exhaustion vulnerability in communication ports",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
}
}
var-202203-1529
Vulnerability from variot
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. plural Mitsubishi Electric MELSEC iQ-F A series of products contains a vulnerability related to the use of password hashes that are not strong enough.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Mitsubishi Electric Automation (China) Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. Mainly produces mechanical appliances for power distribution (including low-voltage circuit breakers, electromagnetic switches), electrical processing products (including CNC EDM machines, wire-cut EDM machines, and laser processing machines).
Mitsubishi MELSEC Q03UDECPU PLC has a logic flaw vulnerability, an attacker can use the vulnerability to decrypt the correct key through the encrypted password, and directly replay the message containing the key
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fx5uj-24mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-60mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc-32mr\\/ds-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc-32mt\\/d",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-40mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-60mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc-32mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc-32mt\\/dss-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-60mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc-32mt\\/ds-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-24mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-40mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-24mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj-40mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc-32mt/d",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uc-32mr/ds-ts",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uj-40mt/es",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uj-40mr/es",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uc",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uj-24mt/ess",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uc-32mt/dss",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uj-24mr/es",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uj-40mt/ess",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "fx5uj-24mt/es",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "melsec q03udecpu plc",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi electric automation",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-41726"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "NVD",
"id": "CVE-2022-25156"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Iliya Rogachev and Artur Akhatov of Positive Technologies reported these vulnerabilities to Mitsubishi Electric.,Anton Dorfman, Dmitry Sklyarov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
],
"trust": 0.6
},
"cve": "CVE-2022-25156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-25156",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-41726",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-25156",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-25156",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-41726",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2694",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-41726"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "NVD",
"id": "CVE-2022-25156"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. plural Mitsubishi Electric MELSEC iQ-F A series of products contains a vulnerability related to the use of password hashes that are not strong enough.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Mitsubishi Electric Automation (China) Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. Mainly produces mechanical appliances for power distribution (including low-voltage circuit breakers, electromagnetic switches), electrical processing products (including CNC EDM machines, wire-cut EDM machines, and laser processing machines). \n\r\n\r\nMitsubishi MELSEC Q03UDECPU PLC has a logic flaw vulnerability, an attacker can use the vulnerability to decrypt the correct key through the encrypted password, and directly replay the message containing the key",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "CNVD",
"id": "CNVD-2022-41726"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25156",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-090-04",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU96577897",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001564",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-41726",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2694",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-41726"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "NVD",
"id": "CVE-2022-25156"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
]
},
"id": "VAR-202203-1529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-41726"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-41726"
}
]
},
"last_update_date": "2023-12-18T12:42:00.843000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Authentication\u00a0Bypass,\u00a0Information\u00a0Disclosure\u00a0and\u00a0Information\u00a0Tampering\u00a0Vulnerabilities\u00a0in\u00a0Multiple\u00a0FA\u00a0Products",
"trust": 0.8,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"title": "Patch for Mitsubishi MELSEC Q03UDECPU PLC has logic flaw vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/332961"
},
{
"title": "Mitsubishi Electric MELSEC iQ-F series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194631"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-41726"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "Using weak password hashes (CWE-916) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "NVD",
"id": "CVE-2022-25156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"trust": 1.6,
"url": "https://jvn.jp/vu/jvnvu96577897/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96577897/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25156"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-25156/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "NVD",
"id": "CVE-2022-25156"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-41726"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"db": "NVD",
"id": "CVE-2022-25156"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-41726"
},
{
"date": "2022-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"date": "2022-04-01T23:15:14.253000",
"db": "NVD",
"id": "CVE-2022-25156"
},
{
"date": "2022-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-41726"
},
{
"date": "2022-04-20T05:21:00",
"db": "JVNDB",
"id": "JVNDB-2022-001564"
},
{
"date": "2023-08-08T14:22:24.967000",
"db": "NVD",
"id": "CVE-2022-25156"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Mitsubishi\u00a0Electric\u00a0MELSEC\u00a0iQ-F\u00a0 Insufficient password hash usage vulnerabilities in series products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001564"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2694"
}
],
"trust": 0.6
}
}