Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ptsecurityPositive TechnologiesPT-2021-13
HistoryDec 15, 2021 - 12:00 a.m.

PT-2021-13: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules

2021-12-1500:00:00
Positive Technologies
www.ptsecurity.com
8

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON

PT-2021-13: Access to sensitive PLC information in FX5U© CPU and FX5UJ CPU modules

FX5U© CPU and FX5UJ CPU modules

Severity level

Severity level: Medium
Impact: Access to sensitive PLC information in FX5U© CPU and FX5UJ CPU modules
Access Vector: Remote

CVSS v3.0
Base Score: 6,8
Vector: (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVE-2022-25160

Vulnerability description:

The vulnerability of the FX5U© CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of access to sensitive PLC information. Exploiting the vulnerability may allow an attacker who has access to the project file to obtain the values of the parameters of the key security mechanism, which are stored in the clear.

Advisory status

15.12.2021 - Vendor gets vulnerability details
31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf )

Credits

The vulnerability was detected by Anton Dorfman and Artur Akhatov (Positive Technologies)

Related

cve 1
nessus 1
nvd 1
cvelist 1
prion 1
ics 1
cve
cve
CVE-2022-25160
2022-04-01 23:15:14
nessus
nessus
Mitsubishi Electric FA Products Cleartext Storage of Sensitive Information (CVE-2022-25160)
2022-04-28 00:00:00
nvd
nvd
CVE-2022-25160
2022-04-01 23:15:14
cvelist
cvelist
CVE-2022-25160
2022-04-01 22:18:02
prion
prion
Information disclosure
2022-04-01 23:15:00
ics
ics
Mitsubishi Electric FA Products (Update A)
2022-06-01 12:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON
Related for PT-2021-13
cve1nessus1nvd1cvelist1prion1ics1