Lucene search

[email protected]CVE-2022-23128

HistoryJan 21, 2022 - 7:15 p.m.

CVE-2022-23128

2022-01-2119:15:09

[email protected]

web.nvd.nist.gov

183

cve

2022

23128

vulnerability

mitsubishi electric

iconics

mc works64

genesis64

hyper historian

analytix

mobilehmi

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.

Affected configurations

NVD

Node

iconicsanalytixRange10.95.3–10.97

iconicsgenesis64Range10.95.3–10.97

iconicshyper_historianRange10.95.3–10.97

iconicsmobilehmiRange10.95.3–10.97

mitsubishielectricmc_works64Range10.95.201.23–10.95.210.01

CPENameOperatorVersion
iconics:analytixiconics analytixle10.97
iconics:genesis64iconics genesis64le10.97
iconics:hyper_historianiconics hyper historianle10.97
iconics:mobilehmiiconics mobilehmile10.97
mitsubishielectric:mc_works64mitsubishielectric mc works64le10.95.210.01

CPE	Name	Operator	Version
iconics:analytix	iconics analytix	le	10.97
iconics:genesis64	iconics genesis64	le	10.97
iconics:hyper_historian	iconics hyper historian	le	10.97
iconics:mobilehmi	iconics mobilehmi	le	10.97
mitsubishielectric:mc_works64	mitsubishielectric mc works64	le	10.95.210.01

CNA Affected

[
  {
    "product": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian; ICONICS AnalytiX; ICONICS MobileHMI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
      },
      {
        "status": "affected",
        "version": "ICONICS GENESIS64 versions 10.95.3 to 10.97"
      },
      {
        "status": "affected",
        "version": "ICONICS Hyper Historian versions 10.95.3 to 10.97"
      },
      {
        "status": "affected",
        "version": "ICONICS AnalytiX versions 10.95.3 to 10.97"
      },
      {
        "status": "affected",
        "version": "ICONICS MobileHMI versions 10.95.3 to 10.97"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU95403720/index.html

www.cisa.gov/uscert/ics/advisories/icsa-22-020-01

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2022-23128

cnvd1 nvd1 cvelist1 prion1 ics1