Lucene search

[email protected]CVE-2022-24296

HistoryJun 08, 2022 - 3:15 p.m.

CVE-2022-24296

2022-06-0815:15:00

CWE-327

[email protected]

web.nvd.nist.gov

cve-2022-24296

air conditioning system

cryptographic algorithm

vulnerability

nvd

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.3%

JSON

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.

CPENameOperatorVersion
mitsubishi:ae-200a_firmwaremitsubishi ae-200a firmwarele7.97
mitsubishi:ae-200e_firmwaremitsubishi ae-200e firmwarele7.97
mitsubishi:ae-200j_firmwaremitsubishi ae-200j firmwarele7.97
mitsubishi:ae-50a_firmwaremitsubishi ae-50a firmwarele7.97
mitsubishi:ae-50e_firmwaremitsubishi ae-50e firmwarele7.97
mitsubishi:ae-50j_firmwaremitsubishi ae-50j firmwarele7.97
mitsubishi:ag-150a-a_firmwaremitsubishi ag-150a-a firmwarele3.21
mitsubishi:ag-150a-j_firmwaremitsubishi ag-150a-j firmwarele3.21
mitsubishi:eb-50gu-a_firmwaremitsubishi eb-50gu-a firmwarele7.10
mitsubishi:eb-50gu-j_firmwaremitsubishi eb-50gu-j firmwarele7.10

CPE	Name	Operator	Version
mitsubishi:ae-200a_firmware	mitsubishi ae-200a firmware	le	7.97
mitsubishi:ae-200e_firmware	mitsubishi ae-200e firmware	le	7.97
mitsubishi:ae-200j_firmware	mitsubishi ae-200j firmware	le	7.97
mitsubishi:ae-50a_firmware	mitsubishi ae-50a firmware	le	7.97
mitsubishi:ae-50e_firmware	mitsubishi ae-50e firmware	le	7.97
mitsubishi:ae-50j_firmware	mitsubishi ae-50j firmware	le	7.97
mitsubishi:ag-150a-a_firmware	mitsubishi ag-150a-a firmware	le	3.21
mitsubishi:ag-150a-j_firmware	mitsubishi ag-150a-j firmware	le	3.21
mitsubishi:eb-50gu-a_firmware	mitsubishi eb-50gu-a firmware	le	7.10
mitsubishi:eb-50gu-j_firmware	mitsubishi eb-50gu-j firmware	le	7.10

Rows per page:

1-10 of 201

References

jvn.jp/vu/JVNVU95298925/index.html

www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.3%

JSON

Related for CVE-2022-24296

prion1 ics1