Lucene search

[email protected]NVD:CVE-2022-40267

HistoryJan 20, 2023 - 8:15 a.m.

CVE-2022-40267

2023-01-2008:15:11

CWE-335

CWE-337

[email protected]

web.nvd.nist.gov

vulnerability

predictable seed

mitsubishi electric corporation

melsec iq

remote access

unauthenticated access

web server

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.

Affected configurations

NVD

Node

mitsubishielectricfx5u-80mt\/ess_firmwareMatch-

AND

mitsubishielectricfx5u-80mt\/essMatch-

Node

mitsubishielectricfx5u-32mt\/dss_firmwareMatch-

AND

mitsubishielectricfx5u-32mt\/dssMatch-

Node

mitsubishielectricfx5u-64mt\/dss_firmwareMatch-

AND

mitsubishielectricfx5u-64mt\/dssMatch-

Node

mitsubishielectricfx5u-80mt\/dss_firmwareMatch-

AND

mitsubishielectricfx5u-80mt\/dssMatch-

Node

mitsubishielectricfx5uc-32mt\/d_firmwareMatch-

AND

mitsubishielectricfx5uc-32mt\/dMatch-

Node

mitsubishielectricfx5uc-64mt\/d_firmwareMatch-

AND

mitsubishielectricfx5uc-64mt\/dMatch-

Node

mitsubishielectricfx5uc-96mt\/d_firmwareMatch-

AND

mitsubishielectricfx5uc-96mt\/dMatch-

Node

mitsubishielectricfx5uc-32mt\/dss_firmwareMatch-

AND

mitsubishielectricfx5uc-32mt\/dssMatch-

Node

mitsubishielectricfx5uc-64mt\/dss_firmwareMatch-

AND

mitsubishielectricfx5uc-64mt\/dssMatch-

Node

mitsubishielectricfx5uc-96mt\/dss_firmwareMatch-

AND

mitsubishielectricfx5uc-96mt\/dssMatch-

Node

mitsubishielectricfx5uc-32mt\/ds-ts_firmwareRange<1.280

AND

mitsubishielectricfx5uc-32mt\/ds-tsMatch-

Node

mitsubishielectricfx5uc-32mt\/dss-ts_firmwareRange<1.280

AND

mitsubishielectricfx5uc-32mt\/dss-tsMatch-

Node

mitsubishielectricfx5uc-32mr\/ds-ts_firmwareRange<1.280

AND

mitsubishielectricfx5uc-32mr\/ds-tsMatch-

Node

mitsubishielectricr00cpu_firmwareMatch-

AND

mitsubishielectricr00cpuMatch-

Node

mitsubishielectricr01cpu_firmwareMatch-

AND

mitsubishielectricr01cpuMatch-

Node

mitsubishielectricr02cpu_firmwareMatch-

AND

mitsubishielectricr02cpuMatch-

Node

mitsubishielectricr04cpu_firmwareMatch-

AND

mitsubishielectricr04cpuMatch-

Node

mitsubishielectricr08cpu_firmwareMatch-

AND

mitsubishielectricr08cpuMatch-

Node

mitsubishielectricr16cpu_firmwareMatch-

AND

mitsubishielectricr16cpuMatch-

Node

mitsubishielectricr32cpu_firmwareMatch-

AND

mitsubishielectricr32cpuMatch-

Node

mitsubishielectricr120cpu_firmwareMatch-

AND

mitsubishielectricr120cpuMatch-

Node

mitsubishielectricr04encpu_firmwareMatch-

AND

mitsubishielectricr04encpuMatch-

Node

mitsubishielectricr08encpu_firmwareMatch-

AND

mitsubishielectricr08encpuMatch-

Node

mitsubishielectricr16encpu_firmwareMatch-

AND

mitsubishielectricr16encpuMatch-

Node

mitsubishielectricr32encpu_firmwareMatch-

AND

mitsubishielectricr32encpuMatch-

Node

mitsubishielectricr120encpu_firmwareMatch-

AND

mitsubishielectricr120encpuMatch-

Node

mitsubishielectricfx5uj-24mt\/es_firmwareRange<1.042

AND

mitsubishielectricfx5uj-24mt\/esMatch-

Node

mitsubishielectricfx5uj-40mt\/es_firmwareRange<1.042

AND

mitsubishielectricfx5uj-40mt\/esMatch-

Node

mitsubishielectricfx5uj-60mt\/es_firmwareRange<1.042

AND

mitsubishielectricfx5uj-60mt\/esMatch-

Node

mitsubishielectricfx5uj-24mr\/es_firmwareRange<1.042

AND

mitsubishielectricfx5uj-24mr\/esMatch-

Node

mitsubishielectricfx5uj-40mr\/es_firmwareRange<1.042

AND

mitsubishielectricfx5uj-40mr\/esMatch-

Node

mitsubishielectricfx5uj-60mr\/es_firmwareRange<1.042

AND

mitsubishielectricfx5uj-60mr\/esMatch-

Node

mitsubishielectricfx5uj-24mt\/ess_firmwareRange<1.042

AND

mitsubishielectricfx5uj-24mt\/essMatch-

Node

mitsubishielectricfx5uj-40mt\/ess_firmwareRange<1.042

AND

mitsubishielectricfx5uj-40mt\/essMatch-

Node

mitsubishielectricfx5uj-60mt\/ess_firmwareRange<1.042

AND

mitsubishielectricfx5uj-60mt\/essMatch-

Node

mitsubishielectricfx5uj-24mt\/es-a_firmwareRange<1.043

AND

mitsubishielectricfx5uj-24mt\/es-aMatch-

Node

mitsubishielectricfx5uj-40mt\/es-a_firmwareRange<1.043

AND

mitsubishielectricfx5uj-40mt\/es-aMatch-

Node

mitsubishielectricfx5uj-60mt\/es-a_firmwareRange<1.043

AND

mitsubishielectricfx5uj-60mt\/es-aMatch-

Node

mitsubishielectricfx5uj-24mr\/es-a_firmwareRange<1.043

AND

mitsubishielectricfx5uj-24mr\/es-aMatch-

Node

mitsubishielectricfx5uj-40mr\/es-a_firmwareRange<1.043

AND

mitsubishielectricfx5uj-40mr\/es-aMatch-

Node

mitsubishielectricfx5uj-60mr\/es-a_firmwareRange<1.043

AND

mitsubishielectricfx5uj-60mr\/es-aMatch-

Node

mitsubishielectricfx5s-30mt\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-30mt\/esMatch-

Node

mitsubishielectricfx5s-40mt\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-40mt\/esMatch-

Node

mitsubishielectricfx5s-60mt\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-60mt\/esMatch-

Node

mitsubishielectricfx5s-80mt\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-80mt\/esMatch-

Node

mitsubishielectricfx5s-30mr\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-30mr\/esMatch-

Node

mitsubishielectricfx5s-40mr\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-40mr\/esMatch-

Node

mitsubishielectricfx5s-60mr\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-60mr\/esMatch-

Node

mitsubishielectricfx5s-80mr\/es_firmwareRange<1.003

AND

mitsubishielectricfx5s-80mr\/esMatch-

Node

mitsubishielectricfx5s-30mt\/ess_firmwareRange<1.003

AND

mitsubishielectricfx5s-30mt\/essMatch-

Node

mitsubishielectricfx5s-40mt\/ess_firmwareRange<1.003

AND

mitsubishielectricfx5s-40mt\/essMatch-

Node

mitsubishielectricfx5s-60mt\/ess_firmwareRange<1.003

AND

mitsubishielectricfx5s-60mt\/essMatch-

Node

mitsubishielectricfx5s-80mt\/ess_firmwareRange<1.003

AND

mitsubishielectricfx5s-80mt\/essMatch-

References

jvn.jp/vu/JVNVU99673580/index.html

www.cisa.gov/uscert/ics/advisories/icsa-23-017-02

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for NVD:CVE-2022-40267

talos1 nessus1 ics1 prion1 cve1 cvelist1