Common Weakness Enumeration
CWE-337
AllowedPredictable Seed in Pseudo-Random Number Generator (PRNG)
Abstraction: Variant · Status: Draft
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
23 vulnerabilities reference this CWE, most recent first.
CVE-2026-26018 (GCVE-0-2026-26018)
Vulnerability from cvelistv5 – Published: 2026-03-06 15:35 – Updated: 2026-07-15 01:15
VLAI
EPSS
VEX
Title
CoreDNS Loop Detection Denial of Service Vulnerability
Summary
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/coredns/coredns/security/advis… | x_refsource_CONFIRM |
| https://github.com/coredns/coredns/releases/tag/v1.14.2 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-26018 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445242 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:36873 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25127 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8151 | vendor-advisoryx_refsource_REDHAT |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| coredns | coredns |
Affected:
< 1.14.2
|
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.13 |
Unaffected:
1782924920 , < *
(rpm)
cpe:/a:redhat:acm:2.13::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.13 |
Unaffected:
1782924937 , < *
(rpm)
cpe:/a:redhat:acm:2.13::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.14 |
Unaffected:
1780204232 , < *
(rpm)
cpe:/a:redhat:acm:2.14::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.14 |
Unaffected:
1780204249 , < *
(rpm)
cpe:/a:redhat:acm:2.14::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.15 |
Unaffected:
1774086225 , < *
(rpm)
cpe:/a:redhat:acm:2.15::el9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T16:07:22.371186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:07:31.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"packageName": "rhacm2/lighthouse-agent-rhel9",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782924920",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"packageName": "rhacm2/lighthouse-coredns-rhel9",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782924937",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhacm2/lighthouse-agent-rhel9",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1780204232",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhacm2/lighthouse-coredns-rhel9",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1780204249",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhacm2/lighthouse-coredns-rhel9",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1774086225",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"packageName": "rhcl-1/coredns-rhel9",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/ose-coredns-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-06T15:35:50.801Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1241",
"description": "Use of Predictable Algorithm in Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:15:33.876Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"name": "RHBZ#2445242",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26018.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:36873: Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"lang": "en",
"value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T16:01:38.150Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-06T15:35:50.801Z",
"value": "Made public."
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "coredns",
"vendor": "coredns",
"versions": [
{
"status": "affected",
"version": "\u003c 1.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T15:35:50.801Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
},
{
"name": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
}
],
"source": {
"advisory": "GHSA-h75p-j8xm-m278",
"discovery": "UNKNOWN"
},
"title": "CoreDNS Loop Detection Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26018",
"datePublished": "2026-03-06T15:35:50.801Z",
"dateReserved": "2026-02-09T21:36:29.554Z",
"dateUpdated": "2026-07-15T01:15:33.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25235 (GCVE-0-2026-25235)
Vulnerability from cvelistv5 – Published: 2026-02-03 18:29 – Updated: 2026-02-04 20:34
VLAI
EPSS
VEX
Title
PEAR Has a Predictable Verification Hash in Election Account Requests
Summary
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/pear/pearweb/security/advisori… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T20:34:51.725693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:34:59.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pearweb",
"vendor": "pear",
"versions": [
{
"status": "affected",
"version": "\u003c 1.33.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T18:29:39.698Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pear/pearweb/security/advisories/GHSA-477r-4cmw-3cgf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pear/pearweb/security/advisories/GHSA-477r-4cmw-3cgf"
}
],
"source": {
"advisory": "GHSA-477r-4cmw-3cgf",
"discovery": "UNKNOWN"
},
"title": "PEAR Has a Predictable Verification Hash in Election Account Requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25235",
"datePublished": "2026-02-03T18:29:39.698Z",
"dateReserved": "2026-01-30T14:44:47.328Z",
"dateUpdated": "2026-02-04T20:34:59.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62710 (GCVE-0-2025-62710)
Vulnerability from cvelistv5 – Published: 2025-10-22 22:19 – Updated: 2025-10-24 18:28
VLAI
EPSS
VEX
Title
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Summary
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/sakaiproject/sakai/security/ad… | x_refsource_CONFIRM |
| https://github.com/sakaiproject/sakai/commit/bde0… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| sakaiproject | sakai |
Affected:
< 23.5
Affected: < 25.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:37:06.777893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:38:10.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sakai",
"vendor": "sakaiproject",
"versions": [
{
"status": "affected",
"version": "\u003c 23.5"
},
{
"status": "affected",
"version": "\u003c 25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non\u2011cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at\u2011rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T18:28:07.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86"
},
{
"name": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04"
}
],
"source": {
"advisory": "GHSA-gr7h-xw4f-wh86",
"discovery": "UNKNOWN"
},
"title": "Sakai kernel-impl: predictable PRNG used to generate server\u2011side encryption key in EncryptionUtilityServiceImpl"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62710",
"datePublished": "2025-10-22T22:19:21.106Z",
"dateReserved": "2025-10-20T19:41:22.739Z",
"dateUpdated": "2025-10-24T18:28:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55069 (GCVE-0-2025-55069)
Vulnerability from cvelistv5 – Published: 2025-09-23 22:15 – Updated: 2025-09-24 14:07
VLAI
EPSS
VEX
Title
AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator
Summary
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| AutomationDirect | CLICK PLUS C0-0x CPU firmware |
Affected:
0 , < v3.71
(custom)
|
|
| AutomationDirect | CLICK PLUS C0-1x CPU firmware |
Affected:
0 , < v3.71
(custom)
|
|
| AutomationDirect | CLICK PLUS C2-x CPU firmware |
Affected:
0 , < v3.71
(custom)
|
Date Public
2025-09-23 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T14:06:23.215875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T14:07:59.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CLICK PLUS C0-0x CPU firmware",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "v3.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CLICK PLUS C0-1x CPU firmware",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "v3.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CLICK PLUS C2-x CPU firmware",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "v3.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct."
}
],
"datePublic": "2025-09-23T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T22:15:46.833Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01"
},
{
"url": "https://www.automationdirect.com/support/software-downloads"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAutomationDirect recommends that users update CLICK PLUS and firmware to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/support/software-downloads\"\u003eV3.80.\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:\u003c/p\u003e\u003cul\u003e\u003cli\u003eNetwork Isolation \u2013 Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eSecure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eAccess Control \u2013 Restrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eApplication Whitelisting \u2013 Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eEndpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eLogging \u0026amp; Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eBackup \u0026amp; Recovery \u2013 Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eOngoing Risk Assessment \u2013 Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AutomationDirect recommends that users update CLICK PLUS and firmware to V3.80. https://www.automationdirect.com/support/software-downloads \n\nIf the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:\n\n * Network Isolation \u2013 Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n * Secure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n * Access Control \u2013 Restrict both physical and logical access to authorized personnel only.\n * Application Whitelisting \u2013 Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n * Endpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n * Logging \u0026 Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\n * Backup \u0026 Recovery \u2013 Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n * Ongoing Risk Assessment \u2013 Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
}
],
"source": {
"advisory": "ICSA-25-266-01",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-55069",
"datePublished": "2025-09-23T22:15:46.833Z",
"dateReserved": "2025-09-16T20:09:26.643Z",
"dateUpdated": "2025-09-24T14:07:59.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20613 (GCVE-0-2025-20613)
Vulnerability from cvelistv5 – Published: 2025-08-12 16:58 – Updated: 2025-08-12 19:22
VLAI
EPSS
VEX
Summary
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information Disclosure
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) TDX |
Affected:
See references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:22:09.607908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:22:19.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) TDX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en"
},
{
"cweId": "CWE-337",
"description": "Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:58:20.129Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01312.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01312.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2025-20613",
"datePublished": "2025-08-12T16:58:20.129Z",
"dateReserved": "2025-01-08T04:00:28.773Z",
"dateUpdated": "2025-08-12T19:22:19.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7770 (GCVE-0-2025-7770)
Vulnerability from cvelistv5 – Published: 2025-08-06 20:45 – Updated: 2025-08-07 14:49
VLAI
EPSS
VEX
Title
Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
Summary
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tigo Energy | Cloud Connect Advanced |
Affected:
0 , ≤ 4.0.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T14:48:51.061697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T14:49:00.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud Connect Advanced",
"vendor": "Tigo Energy",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Anthony Rose of BC Security"
},
{
"lang": "en",
"type": "reporter",
"value": "Jacob Krasnov of BC Security"
},
{
"lang": "en",
"type": "reporter",
"value": "Peter Kariuki of Ovanova"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\n\n\u003c/p\u003e\u003cp\u003eTigo Energy\u0027s CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Tigo Energy\u0027s CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T20:45:06.780Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.\u003cbr\u003e\u003cbr\u003eVisit Tigo Energy\u0027s Help Center for more specific security recommendations.\u003cbr\u003e"
}
],
"value": "Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.\n\nVisit Tigo Energy\u0027s Help Center for more specific security recommendations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-7770",
"datePublished": "2025-08-06T20:45:06.780Z",
"dateReserved": "2025-07-17T15:44:01.345Z",
"dateUpdated": "2025-08-07T14:49:00.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22194 (GCVE-0-2024-22194)
Vulnerability from cvelistv5 – Published: 2024-01-11 02:21 – Updated: 2025-06-03 14:25
VLAI
EPSS
VEX
Title
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Summary
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://github.com/Cyber-Domain-Ontology/CDO-Util… | x_refsource_CONFIRM |
| https://github.com/Cyber-Domain-Ontology/CDO-Util… | x_refsource_MISC |
| https://github.com/Cyber-Domain-Ontology/CDO-Util… | x_refsource_MISC |
| https://github.com/Cyber-Domain-Ontology/CDO-Util… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
| https://github.com/casework/CASE-Utilities-Python… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cyber-Domain-Ontology | CDO-Utility-Local-UUID |
Affected:
= 0.4.0
Affected: = 0.5.0 Affected: = 0.6.0 Affected: = 0.7.0 Affected: = 0.8.0 Affected: = 0.9.0 Affected: = 0.10.0 Affected: = 0.11.0 Affected: = 0.12.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:11:54.538835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:25:30.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CDO-Utility-Local-UUID",
"vendor": "Cyber-Domain-Ontology",
"versions": [
{
"status": "affected",
"version": "= 0.4.0"
},
{
"status": "affected",
"version": "= 0.5.0"
},
{
"status": "affected",
"version": "= 0.6.0"
},
{
"status": "affected",
"version": "= 0.7.0"
},
{
"status": "affected",
"version": "= 0.8.0"
},
{
"status": "affected",
"version": "= 0.9.0"
},
{
"status": "affected",
"version": "= 0.10.0"
},
{
"status": "affected",
"version": "= 0.11.0"
},
{
"status": "affected",
"version": "= 0.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-215",
"description": "CWE-215: Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T02:21:53.758Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509"
}
],
"source": {
"advisory": "GHSA-rgrf-6mf5-m882",
"discovery": "UNKNOWN"
},
"title": "cdo-local-uuid vulnerable to insertion of artifact derived from developer\u0027s Present Working Directory into demonstration code"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22194",
"datePublished": "2024-01-11T02:21:53.758Z",
"dateReserved": "2024-01-08T04:59:27.371Z",
"dateUpdated": "2025-06-03T14:25:30.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7558 (GCVE-0-2024-7558)
Vulnerability from cvelistv5 – Published: 2024-10-02 10:06 – Updated: 2024-10-02 13:59
VLAI
EPSS
VEX
Summary
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/juju/juju/security/advisories/… | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2024-7558 | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | Juju |
Affected:
3.5 , < 3.5.4
(semver)
Affected: 3.4 , < 3.4.6 (semver) Affected: 3.3 , < 3.3.7 (semver) Affected: 3.1 , < 3.1.10 (semver) Affected: 2.9 , < 2.9.51 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:58:28.823188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:59:04.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340: Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:06:31.098Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7558"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-7558",
"datePublished": "2024-10-02T10:06:31.098Z",
"dateReserved": "2024-08-06T13:45:13.579Z",
"dateUpdated": "2024-10-02T13:59:04.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49343 (GCVE-0-2023-49343)
Vulnerability from cvelistv5 – Published: 2023-12-14 21:31 – Updated: 2024-08-02 21:53
VLAI
EPSS
VEX
Summary
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Severity
6 (Medium)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/UbuntuBudgie/budgie-extras/sec… | issue-tracking |
| https://ubuntu.com/security/notices/USN-6556-1 | third-party-advisory |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ubuntu Budgie | Budgie Extras |
Affected:
v1.4.0 , < v1.7.1
(semver)
|
Date Public
2023-12-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6556-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "budgie-extras",
"platforms": [
"Linux"
],
"product": "Budgie Extras",
"vendor": "Ubuntu Budgie",
"versions": [
{
"lessThan": "v1.7.1",
"status": "affected",
"version": "v1.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Sam Lane"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "David Mohammed"
}
],
"datePublic": "2023-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-668",
"description": "CWE-668",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T21:31:00.844Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6556-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-49343",
"datePublished": "2023-12-14T21:31:00.844Z",
"dateReserved": "2023-11-27T03:17:52.865Z",
"dateUpdated": "2024-08-02T21:53:44.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40267 (GCVE-0-2022-40267)
Vulnerability from cvelistv5 – Published: 2023-01-20 07:52 – Updated: 2024-08-03 12:14
VLAI
EPSS
VEX
Title
Authentication Bypass Vulnerability in Web Server Function on MELSEC Series
Summary
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
120 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MT/ES |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-64MT/ES |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Seres FX5U-80MT/ES |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MR/ES |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-64MR/ES |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-80MR/ES |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MT/DS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-64MT/DS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-80MT/DS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MR/DS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-64MR/DS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-80MR/DS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MT/ESS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-64MT/ESS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-80MT/ESS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MT/DSS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-64MT/DSS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-80MT/DSS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-32MT/D |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-64MT/D |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-96MT/D |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-32MT/DSS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-64MT/DSS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-96MT/DSS |
Affected:
serial number 17X**** or later, and versions 1.280 and prior
Affected: serial number 179**** and prior, and versions 1.074 and prior |
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-32MT/DS-TS |
Affected:
versions 1.280 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-32MT/DSS-TS |
Affected:
versions 1.280 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UC-32MR/DS-TS |
Affected:
versions 1.280 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R00CPU |
Affected:
versions 33 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R01CPU |
Affected:
versions 33 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R02CPU |
Affected:
versions 33 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R04CPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R08CPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R16CPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R32CPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R120CPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R04ENCPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R08ENCPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R16ENCPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R32ENCPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R120ENCPU |
Affected:
versions 66 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-24MT/ES |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-40MT/ES |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-60MT/ES |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-24MR/ES |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-40MR/ES |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-60MR/ES |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-24MT/ESS |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-40MT/ESS |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-60MT/ESS |
Affected:
1.042 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-24MT/ES-A |
Affected:
1.043 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-40MT/ES-A |
Affected:
1.043 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-60MT/ES-A |
Affected:
1.043 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-24MR/ES-A |
Affected:
1.043 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-40MR/ES-A |
Affected:
1.043 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5UJ-60MR/ES-A |
Affected:
1.043 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-30MT/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-40MT/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-60MT/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-80MT/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-30MR/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-40MR/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-60MR/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-80MR/ES |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-30MT/ESS |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-40MT/ESS |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-60MT/ESS |
Affected:
1.003 and prior
|
|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5S-80MT/ESS |
Affected:
1.003 and prior
|
|
| mitsubishielectric | fx5u-80mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5u-80mt\/ess_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5u-32mt\/dss_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5u-32mt\/dss_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5u-64mt\/dss_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5u-64mt\/dss_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5u-80mt\/dss_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5u-80mt\/dss_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-32mt\/d_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/d_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-64mt\/d_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/d_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-96mt\/d_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/d_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-32mt\/dss_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-64mt\/dss_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/dss_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-96mt\/dss_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/dss_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-32mt\/ds-ts_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/ds-ts_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-32mt\/dss-ts_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss-ts_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uc-32mr\/ds-ts_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uc-32mr\/ds-ts_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r00cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r01cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r02cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r04cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r08cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r16cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r32cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r120cpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r04encpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r08encpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r16encpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r32encpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | r120encpu_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-24mt\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-40mt\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-60mt\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-24mr\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-40mr\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-60mr\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-24mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/ess_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-40mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/ess_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-60mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/ess_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-24mt\/es-a_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es-a_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-40mt\/es-a_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es-a_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-60mt\/es-a_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es-a_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-24mr\/es-a_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es-a_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-40mr\/es-a_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es-a_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5uj-60mr\/es-a_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es-a_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-30mt\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-30mt\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-40mt\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-40mt\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-60mt\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-60mt\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-80mt\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-80mt\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-30mr\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-30mr\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-40mr\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-40mr\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-60mr\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-60mr\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-80mr\/es_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-80mr\/es_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-30mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-30mt\/ess_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-40mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-40mt\/ess_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-60mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-60mt\/ess_firmware:-:*:*:*:*:*:*:* |
|
| mitsubishielectric | fx5s-80mt\/ess_firmware |
Affected:
0 , ≤ 1.042
(custom)
cpe:2.3:o:mitsubishielectric:fx5s-80mt\/ess_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1646"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99673580/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-80mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-32mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-32mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-64mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-64mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-80mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/d_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/d_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-64mt\\/d_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/d_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-96mt\\/d_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-64mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-96mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/ds-ts_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/dss-ts_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mr\\/ds-ts_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r00cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r01cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r02cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r04cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r08cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r16cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r32cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r120cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r04encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r08encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r16encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r32encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r120encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mt\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mt\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mt\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mr\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mr\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mr\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-30mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-40mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-60mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-80mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-30mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-30mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-40mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-40mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-60mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-60mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-80mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-80mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-30mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-40mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-60mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-80mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40267",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T16:29:24.302691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T17:23:35.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Seres FX5U-80MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-64MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-96MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-64MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-96MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 1.280 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DSS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 1.280 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MR/DS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 1.280 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R00CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 33 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R01CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 33 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 33 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers."
}
],
"value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG) ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T03:55:27.038Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU99673580/index.html"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Vulnerability in Web Server Function on MELSEC Series",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-40267",
"datePublished": "2023-01-20T07:52:56.784Z",
"dateReserved": "2022-09-08T19:40:16.931Z",
"dateUpdated": "2024-08-03T12:14:39.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Use non-predictable inputs for seed generation.
Mitigation MIT-2
Architecture and Design
Requirements
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.
Mitigation MIT-50
Implementation
Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
No CAPEC attack patterns related to this CWE.