Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ptsecurityPositive TechnologiesPT-2021-10
HistoryDec 15, 2021 - 12:00 a.m.

PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules

2021-12-1500:00:00
Positive Technologies
www.ptsecurity.com
3

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

57.6%

JSON

PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U© CPU and FX5UJ CPU modules

FX5U© CPU and FX5UJ CPU modules

Severity level

Severity level: High
Impact: Possibility of authorization in the file password mechanism using the password hash value in the FX5U© CPU and FX5UJ CPU modules
Access Vector: Remote

CVSS v3.0
Base Score: 7,4
Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVE-2022-25157

Vulnerability description:

The vulnerability of the FX5U© CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a password hash instead of a password for authentication. Exploiting the vulnerability may allow an attacker who knows the hash value of the password to perform authorization in the file password mechanism using password hash.

Advisory status

15.12.2021 - Vendor gets vulnerability details
31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf )

Credits

The vulnerability was detected by Anton Dorfman (Positive Technologies)

Related

prion 1
cve 1
cvelist 1
nessus 1
nvd 1
ics 1
prion
prion
Authentication flaw
2022-04-01 23:15:00
cve
cve
CVE-2022-25157
2022-04-01 23:15:14
cvelist
cvelist
CVE-2022-25157
2022-04-01 22:17:59
nessus
nessus
Mitsubishi Electric FA Products Use of Password Hash Instead of Password For Authentication (CVE-2022-25157)
2022-04-28 00:00:00
nvd
nvd
CVE-2022-25157
2022-04-01 23:15:14
ics
ics
Mitsubishi Electric FA Products (Update A)
2022-06-01 12:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

57.6%

JSON
Related for PT-2021-10
prion1cve1cvelist1nessus1nvd1ics1