Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitsubishiCVELIST:CVE-2022-23127
HistoryJan 21, 2022 - 6:17 p.m.

CVE-2022-23127

2022-01-2118:17:32
Mitsubishi
www.cve.org
2
cve-2022-23127
cross-site scripting
mitsubishi electric
iconics
mc works64
mobilehmi
remote attack
unauthenticated
authentication information
malicious script
url injection
monitoring screen
mobile devices

EPSS

0.002

Percentile

57.9%

JSON

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL.

CNA Affected

[
  {
    "product": "Mitsubishi Electric MC Works64; ICONICS MobileHMI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
      },
      {
        "status": "affected",
        "version": "ICONICS MobileHMI versions 10.96.2 and prior"
      }
    ]
  }
]

Related

cnvd 1
nvd 1
prion 1
cve 1
ics 1
cnvd
cnvd
Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability
2022-01-23 00:00:00
nvd
nvd
CVE-2022-23127
2022-01-21 19:15:09
prion
prion
Cross site scripting
2022-01-21 19:15:00
cve
cve
CVE-2022-23127
2022-01-21 19:15:09
ics
ics
ICONICS and Mitsubishi Electric HMI SCADA
2022-01-20 12:00:00

EPSS

0.002

Percentile

57.9%

JSON
Related for CVELIST:CVE-2022-23127
cnvd1nvd1prion1cve1ics1