fkie_cve-2022-25160
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU96577897/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user\u0027s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user\u2019s system."
},
{
"lang": "es",
"value": "Vulnerabilidad de almacenamiento de texto claro de informaci\u00f3n sensible en la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5U(C) todas las versiones, la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5UJ todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R00/01/02CPU todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R04/08/16/32/120(ES)todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R16/32/64MTCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) todas las versiones y Mitsubishi Electric MELSEC Q series QJ71E71-100 todas las versiones permite a un atacante remoto no autenticado revelar un archivo en el producto de un usuario leg\u00edtimo utilizando informaci\u00f3n en texto claro previamente escuchada y falsificar el sistema de un usuario leg\u00edtimo"
}
],
"id": "CVE-2022-25160",
"lastModified": "2024-11-21T06:51:43.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.427",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.