Positive TechnologiesPT-2021-09PT-2021-09: Possibility of authorization in Remote Password mechanism using password hash
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.3%
PT-2021-09: Possibility of authorization in Remote Password mechanism using password hash
FX5U© CPU and FX5UJ CPU modules
Severity level
Severity level: Medium
Impact: Possibility of authorization in Remote Password mechanism using password hash in FX5U© CPU and FX5UJ CPU modules
Access Vector: Remote
CVSS v3.0
Base Score: 5,9
Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE-2022-25156
Vulnerability description:
The vulnerability of the FX5U© CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a weak password hash. Exploiting the vulnerability may allow an attacker to use the resulting hash value to recover the password value.
Advisory status
15.12.2021 - Vendor gets vulnerability details
31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf )
Credits
The vulnerability was detected by Dmitry Sklyarov and Anton Dorfman (Positive Technologies)
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.3%