6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
57.6%
FX5U© CPU and FX5UJ CPU modules
Severity level: High
Impact: Possibility of authorization in the file password mechanism using the password hash value in the FX5U© CPU and FX5UJ CPU modules
Access Vector: Remote
CVSS v3.0
Base Score: 7,4
Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVE-2022-25157
Vulnerability description:
The vulnerability of the FX5U© CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a password hash instead of a password for authentication. Exploiting the vulnerability may allow an attacker who knows the hash value of the password to perform authorization in the file password mechanism using password hash.
Advisory status
15.12.2021 - Vendor gets vulnerability details
31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf )
Credits
The vulnerability was detected by Anton Dorfman (Positive Technologies)
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
57.6%