var-202201-0603
Vulnerability from variot
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. Mitsubishi Electric products and multiple ICONICS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan's Mitsubishi Electric (Mitsubishi Electric).
A security vulnerability exists in Mitsubishi Electric MC Works64 that originates in the ICONICS and Mitsubishi Electric ICONICS product suites. The FrameWorX server in the Mitsubishi Electric MC Works64 product could allow an attacker to exploit the vulnerability to open a WebSocket endpoint (port 80 or 443) when bypassing GENESIS64 MC Works64 security. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0603", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mc works64", scope: "gte", trust: 1, vendor: "mitsubishielectric", version: "10.95.201.23", }, { model: "mc works64", scope: "lte", trust: 1, vendor: "mitsubishielectric", version: "10.95.210.01", }, { model: "mobilehmi", scope: "lte", trust: 1, vendor: "iconics", version: "10.97", }, { model: "hyper historian", scope: "lte", trust: 1, vendor: "iconics", version: "10.97", }, { model: "genesis64", scope: "lte", trust: 1, vendor: "iconics", version: "10.97", }, { model: "hyper historian", scope: "gte", trust: 1, vendor: "iconics", version: "10.95.3", }, { model: "genesis64", scope: "gte", trust: 1, vendor: "iconics", version: "10.95.3", }, { model: "mobilehmi", scope: "gte", trust: 1, vendor: "iconics", version: "10.95.3", }, { model: "analytix", scope: "gte", trust: 1, vendor: "iconics", version: "10.95.3", }, { model: "analytix", scope: "lte", trust: 1, vendor: "iconics", version: "10.97", }, { model: "hyper historian", scope: null, trust: 0.8, vendor: "iconics", version: null, }, { model: "mc works64", scope: "eq", trust: 0.8, vendor: "三菱電機", version: "4.00a (10.95.201.23) to 4.04e (10.95.210.01)", }, { model: "mobilehmi", scope: null, trust: 0.8, vendor: "iconics", version: null, }, { model: "analytix", scope: null, trust: 0.8, vendor: "iconics", version: null, }, { model: "genesis 64", scope: null, trust: 0.8, vendor: "iconics", version: null, }, { model: "electric mc works64", scope: "gte", trust: 0.6, vendor: "mitsubishi", version: "10.95.201.23,<=10.95.210.01", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08358", }, { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "NVD", id: "CVE-2022-23128", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:iconics:analytix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.97", versionStartIncluding: "10.95.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.97", versionStartIncluding: "10.95.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.97", versionStartIncluding: "10.95.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.97", versionStartIncluding: "10.95.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.95.210.01", versionStartIncluding: "10.95.201.23", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-23128", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.", sources: [ { db: "CNNVD", id: "CNNVD-202201-1829", }, ], trust: 0.6, }, cve: "CVE-2022-23128", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2022-23128", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2022-08358", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-23128", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-23128", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-08358", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202201-1829", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-23128", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08358", }, { db: "VULMON", id: "CVE-2022-23128", }, { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "CNNVD", id: "CNNVD-202201-1829", }, { db: "NVD", id: "CVE-2022-23128", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. Mitsubishi Electric products and multiple ICONICS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring and control system (SCADA) of Japan's Mitsubishi Electric (Mitsubishi Electric). \n\r\n\r\nA security vulnerability exists in Mitsubishi Electric MC Works64 that originates in the ICONICS and Mitsubishi Electric ICONICS product suites. The FrameWorX server in the Mitsubishi Electric MC Works64 product could allow an attacker to exploit the vulnerability to open a WebSocket endpoint (port 80 or 443) when bypassing GENESIS64 MC Works64 security. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2022-23128", }, { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "CNVD", id: "CNVD-2022-08358", }, { db: "VULMON", id: "CVE-2022-23128", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-23128", trust: 3.9, }, { db: "ICS CERT", id: "ICSA-22-020-01", trust: 3.1, }, { db: "JVN", id: "JVNVU95403720", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2022-003883", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-08358", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.0311", trust: 0.6, }, { db: "CS-HELP", id: "SB2022012108", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202201-1829", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-23128", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08358", }, { db: "VULMON", id: "CVE-2022-23128", }, { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "CNNVD", id: "CNNVD-202201-1829", }, { db: "NVD", id: "CVE-2022-23128", }, ], }, id: "VAR-202201-0603", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-08358", }, ], trust: 1.6, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08358", }, ], }, last_update_date: "2024-02-13T22:46:25.925000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page Mitsubishi Electric Mitsubishi Electric Corporation", trust: 0.8, url: "https://iconics.com/", }, { title: "Patch for Unknown Vulnerability in Mitsubishi Electric MC Works64", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/317671", }, { title: "Mitsubishi Electric MC Works64 Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179152", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/alphabugx/cve-2022-23305 ", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/alphabugx/cve-2022-rce ", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08358", }, { db: "VULMON", id: "CVE-2022-23128", }, { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "CNNVD", id: "CNNVD-202201-1829", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "others (CWE-Other) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "NVD", id: "CVE-2022-23128", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01", }, { trust: 1.7, url: "https://jvn.jp/vu/jvnvu95403720/index.html", }, { trust: 1.7, url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2022-23128", }, { trust: 1.2, url: "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95403720/", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0311", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022012108", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/alphabugx/cve-2022-23305", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08358", }, { db: "VULMON", id: "CVE-2022-23128", }, { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "CNNVD", id: "CNNVD-202201-1829", }, { db: "NVD", id: "CVE-2022-23128", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-08358", }, { db: "VULMON", id: "CVE-2022-23128", }, { db: "JVNDB", id: "JVNDB-2022-003883", }, { db: "CNNVD", id: "CNNVD-202201-1829", }, { db: "NVD", id: "CVE-2022-23128", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-05T00:00:00", db: "CNVD", id: "CNVD-2022-08358", }, { date: "2022-01-21T00:00:00", db: "VULMON", id: "CVE-2022-23128", }, { date: "2023-03-10T00:00:00", db: "JVNDB", id: "JVNDB-2022-003883", }, { date: "2022-01-20T00:00:00", db: "CNNVD", id: "CNNVD-202201-1829", }, { date: "2022-01-21T19:15:09.977000", db: "NVD", id: "CVE-2022-23128", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-06-13T00:00:00", db: "CNVD", id: "CNVD-2022-08358", }, { date: "2022-01-27T00:00:00", db: "VULMON", id: "CVE-2022-23128", }, { date: "2023-03-10T03:20:00", db: "JVNDB", id: "JVNDB-2022-003883", }, { date: "2022-02-14T00:00:00", db: "CNNVD", id: "CNNVD-202201-1829", }, { date: "2022-01-27T20:20:33.137000", db: "NVD", id: "CVE-2022-23128", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202201-1829", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Mitsubishi Electric products and multiple ICONICS Product vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2022-003883", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202201-1829", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.