Vulnerability-Lookup

ICSA-22-020-01

Vulnerability from csaf_cisa - Published: 2022-01-20 07:00 - Updated: 2026-03-05 07:00

Summary

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric HMI SCADA (Update B)

Notes

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Risk evaluation

Successful exploitation of these vulnerabilities could result in unauthorized access to information or to GENESIS64 and MC Works64 functionality, or the disabling of SQL Server in GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

United States (Mitsubishi Electric Iconics Digital Solutions), Japan (Mitsubishi Electric)

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Mitsubishi Electric Iconics Digital Solutions",
        "summary": "reported these vulnerabilities to CISA"
      },
      {
        "organization": "Mitsubishi Electric",
        "summary": "reported these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could result in unauthorized access to information or to GENESIS64 and MC Works64 functionality, or the disabling of SQL Server  in GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States (Mitsubishi Electric Iconics Digital Solutions), Japan (Mitsubishi Electric)",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-020-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-020-01.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-22-020-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
      }
    ],
    "title": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric HMI SCADA (Update B)",
    "tracking": {
      "current_release_date": "2026-03-05T07:00:00.000000Z",
      "generator": {
        "date": "2026-03-05T00:05:34.123002Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-22-020-01",
      "initial_release_date": "2022-01-20T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-01-20T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "IInitial Publication"
        },
        {
          "date": "2026-01-08T00:00:00.000000Z",
          "legacy_version": "Update A",
          "number": "2",
          "summary": "Update A - Added GENESIS32."
        },
        {
          "date": "2026-03-05T00:00:00.000000Z",
          "legacy_version": "Update B",
          "number": "3",
          "summary": "Update B - Fixes for affected versions and typographical errors"
        }
      ],
      "status": "draft",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.96.2",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions ICONICS Suite: \u003c=10.96.2",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "ICONICS Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.95.3 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions ICONICS Suite: \u003e=10.95.3 | \u003c=10.97",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "ICONICS Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.90 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions ICONICS Suite: \u003e=10.90 | \u003c=10.97",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "ICONICS Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions ICONICS Suite: \u003c=10.97",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "ICONICS Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.96.2",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions GENESIS64: \u003c=10.96.2",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS64"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.95.3 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions GENESIS64: \u003e=10.95.3 | \u003c=10.97",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS64"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.90 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions GENESIS64: \u003e=10.90 | \u003c=10.97",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS64"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions GENESIS64: \u003c=10.97",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS64"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.96.2",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions Hyper Historian: \u003c=10.96.2",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "Hyper Historian"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.95.3 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions Hyper Historian: \u003e=10.95.3 | \u003c=10.97",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "Hyper Historian"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.90 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions Hyper Historian: \u003e=10.90 | \u003c=10.97",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "Hyper Historian"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions Hyper Historian: \u003c=10.97",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "Hyper Historian"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.96.2",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions AnalytiX: \u003c=10.96.2",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "AnalytiX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.95.3 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions AnalytiX: \u003e=10.95.3 | \u003c=10.97",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "AnalytiX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.90 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions AnalytiX: \u003e=10.90 | \u003c=10.97",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "AnalytiX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions AnalytiX: \u003c=10.97",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "AnalytiX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.96.2",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions MobileHMI: \u003c=10.96.2",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "MobileHMI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.95.3 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions MobileHMI: \u003e=10.95.3 | \u003c=10.97",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "MobileHMI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=10.90 | \u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions MobileHMI: \u003e=10.90 | \u003c=10.97",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "MobileHMI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.97",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions MobileHMI: \u003c=10.97",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "MobileHMI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=9.7",
                "product": {
                  "name": "Mitsubishi Electric Iconics Digital Solutions GENESIS32: \u003c=9.7",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS32"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric Iconics Digital Solutions"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.97",
                "product": {
                  "name": "Mitsubishi Electric ICONICS Suite: 10.97",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "ICONICS Suite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.97",
                "product": {
                  "name": "Mitsubishi Electric GENESIS64: 10.97",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.97",
                "product": {
                  "name": "Mitsubishi Electric Hyper Historian: 10.97",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "Hyper Historian"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.97",
                "product": {
                  "name": "Mitsubishi Electric AnalytiX: 10.97",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "AnalytiX"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.97",
                "product": {
                  "name": "Mitsubishi Electric MobileHMI: 10.97",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "MobileHMI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=9.7",
                "product": {
                  "name": "Mitsubishi Electric GENESIS32: \u003c=9.7",
                  "product_id": "CSAFPID-0027"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS32"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=4.04E",
                "product": {
                  "name": "Mitsubishi Electric MC Works64: \u003c=4.04E",
                  "product_id": "CSAFPID-0028"
                }
              }
            ],
            "category": "product_name",
            "name": "MC Works64"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=4.00A | \u003c=4.04E",
                "product": {
                  "name": "Mitsubishi Electric MC Works64: \u003e=4.00A | \u003c=4.04E",
                  "product_id": "CSAFPID-0029"
                }
              }
            ],
            "category": "product_name",
            "name": "MC Works64"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-23127",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Information disclosure vulnerability due to Improper Neutralization of Input During Web Page Generation (CWE-79) caused by the lack of proper input verification exists in Mitsubishi Electric Iconics Digital Solutions GENESIS64 and ICONICS Suite and Mitsubishi Electric MC Works64.",
          "title": "Vulnerability Summary"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:N/A:N/T:P/2026-02-10T00:00:00.000Z",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0005",
          "CSAFPID-0009",
          "CSAFPID-0013",
          "CSAFPID-0017",
          "CSAFPID-0028"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23127"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Mitsubishi Electric Iconics Digital Solutions is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities, the most recent version of which can be found here. https://iconics.com/About/Security/CERT",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0005",
            "CSAFPID-0009",
            "CSAFPID-0013",
            "CSAFPID-0017"
          ],
          "url": "https://iconics.com/About/Security/CERT"
        },
        {
          "category": "vendor_fix",
          "details": " Mitsubishi Electric is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric security advisory, the most recent version of which can be found here. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-025_en.pdf",
          "product_ids": [
            "CSAFPID-0028"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-025_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend locating control system networks and remote devices behind firewalls and isolating them from the business network, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0005",
            "CSAFPID-0009",
            "CSAFPID-0013",
            "CSAFPID-0017",
            "CSAFPID-0028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend restricting the connection of all control system devices and systems to the network so that they can only be accessed from trusted networks and hosts, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0005",
            "CSAFPID-0009",
            "CSAFPID-0013",
            "CSAFPID-0017",
            "CSAFPID-0028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend restricting the connection of all control system devices and systems to the network so that they can only be accessed from trusted networks and hosts, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0005",
            "CSAFPID-0009",
            "CSAFPID-0013",
            "CSAFPID-0017",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0005",
            "CSAFPID-0009",
            "CSAFPID-0013",
            "CSAFPID-0017",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-23128",
      "cwe": {
        "id": "CWE-184",
        "name": "Incomplete List of Disallowed Inputs"
      },
      "notes": [
        {
          "category": "summary",
          "text": " Authentication bypass vulnerability due to Incomplete List of Disallowed Inputs (CWE-184) exists in Mitsubishi Electric Iconics Digital Solutions GENESIS64 and ICONICS Suite Mitsubishi Electric GENESIS64, ICONICS Suite, and MC Works64.",
          "title": "Vulnerability Summary"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:N/A:Y/T:T/2026-02-10T00:00:00.000Z",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002",
          "CSAFPID-0006",
          "CSAFPID-0010",
          "CSAFPID-0014",
          "CSAFPID-0018",
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0029"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23128"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Mitsubishi Electric Iconics Digital Solutions is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities, the most recent version of which can be found here. https://iconics.com/About/Security/CERT",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0006",
            "CSAFPID-0010",
            "CSAFPID-0014",
            "CSAFPID-0018"
          ],
          "url": "https://iconics.com/About/Security/CERT"
        },
        {
          "category": "vendor_fix",
          "details": "Mitsubishi Electric is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric security advisory, the most recent version of which can be found here. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-026_en.pdf",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0029"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-026_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend switching the communication method of FrameWorX server from WebSocket communication to WCF communication and setting \"WebSocketTransport\" element to \"false\" in \"FwxServer.Network.config\" file located in the installation folder of the products, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0006",
            "CSAFPID-0010",
            "CSAFPID-0014",
            "CSAFPID-0018",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0029"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend locating control system networks and remote devices behind firewalls and isolating them from the business network, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0006",
            "CSAFPID-0010",
            "CSAFPID-0014",
            "CSAFPID-0018",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0029"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend restricting the connection of all control system devices and systems to the network so that they can only be accessed from trusted networks and hosts, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0006",
            "CSAFPID-0010",
            "CSAFPID-0014",
            "CSAFPID-0018",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0029"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002",
            "CSAFPID-0006",
            "CSAFPID-0010",
            "CSAFPID-0014",
            "CSAFPID-0018",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0029"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-23129",
      "cwe": {
        "id": "CWE-256",
        "name": "Plaintext Storage of a Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Information disclosure vulnerability due to Plaintext Storage of a Password (CWE-256) exists in Mitsubishi Electric Iconics Digital Solutions GENESIS64 and ICONICS Suite and Mitsubishi Electric GENESIS64, ICONICS Suite, and MC Works64.",
          "title": "Vulnerability Summary"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:N/A:N/T:T/2026-02-10T00:00:00.000Z",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0003",
          "CSAFPID-0007",
          "CSAFPID-0011",
          "CSAFPID-0015",
          "CSAFPID-0019",
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0028"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23129"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Mitsubishi Electric Iconics Digital Solutions is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities, the most recent version of which can be found here. https://iconics.com/About/Security/CERT",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0019"
          ],
          "url": "https://iconics.com/About/Security/CERT"
        },
        {
          "category": "vendor_fix",
          "details": "Mitsubishi Electric is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric security advisory, the most recent version of which can be found here. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-027_en.pdf",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0028"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-027_en.pdf"
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend deleting the authentication information (password) of the SQL database in the CSV file, after exporting the configuration information of GridWorX to the CSV file, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0019",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend deleting the authentication information (password) of the SQL database, before exporting the configuration information of GridWorX to the CSV file, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0019",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend changing the configuration of the security function so that users other than administrator is not authorized to export the configuration information of GridWorX to a CSV file, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0019",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend locating control system networks and remote devices behind firewalls and isolating them from the business network, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0019",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0028"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend restricting the connection of all control system devices and systems to the network so that they can only be accessed from trusted networks and hosts, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0019",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0003",
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0019",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-23130",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "summary",
          "text": " Denial-of-Service (DoS) vulnerability due to Buffer Over-read (CWE-126) exists in database server of Mitsubishi Electric Iconics Digital Solutions GENESIS64, ICONICS, and GENESIS32 Suite and Mitsubishi Electric GENESIS64, ICONICS Suite, GENESIS32, and MC Works64.",
          "title": "Vulnerability Summary"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:N/A:N/T:P/2026-02-10T00:00:00.000Z",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0004",
          "CSAFPID-0008",
          "CSAFPID-0012",
          "CSAFPID-0016",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0029"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23130"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Mitsubishi Electric Iconics Digital Solutions is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities, the most recent version of which can be found here. https://iconics.com/About/Security/CERT",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0008",
            "CSAFPID-0012",
            "CSAFPID-0016",
            "CSAFPID-0020"
          ],
          "url": "https://iconics.com/About/Security/CERT"
        },
        {
          "category": "vendor_fix",
          "details": "Mitsubishi Electric is releasing security updates for the affected products as critical fixes/rollup releases. For more information on the security updates, refer to the Mitsubishi Electric security advisory, the most recent version of which can be found here. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-028_en.pdf",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0029"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2021-028_en.pdf"
        },
        {
          "category": "no_fix_planned",
          "details": "There are no plans to release a security update for GENESIS32. To minimize the risk of exploitation of this vulnerability, please consider replacing to GENESIS64 or ICONICS Suite.",
          "product_ids": [
            "CSAFPID-0021",
            "CSAFPID-0027"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend locating control system networks and remote devices behind firewalls and isolating them from the business network, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0008",
            "CSAFPID-0012",
            "CSAFPID-0016",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0029"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend restricting the connection of all control system devices and systems to the network so that they can only be accessed from trusted networks and hosts, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0008",
            "CSAFPID-0012",
            "CSAFPID-0016",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0029"
          ]
        },
        {
          "category": "mitigation",
          "details": "For customers who cannot immediately update the product, Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend avoiding clicking on web links in emails etc. from untrusted sources, and avoiding opening files attached to untrusted emails, to minimize the risk of exploiting this vulnerability.",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0008",
            "CSAFPID-0012",
            "CSAFPID-0016",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0029"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0004",
            "CSAFPID-0008",
            "CSAFPID-0012",
            "CSAFPID-0016",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0029"
          ]
        }
      ]
    }
  ]
}

CVE-2022-23127 (GCVE-0-2022-23127)

Vulnerability from cvelistv5 – Published: 2022-01-21 18:17 – Updated: 2024-08-03 03:36

Summary

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL.

Severity ?

No CVSS data available.

CWE

Cross-site Scripting

Assigner

Mitsubishi

References

URL

Tags

	https://jvn.jp/vu/JVNVU95403720/index.html	x_refsource_MISC
	https://www.mitsubishielectric.com/en/psirt/vulne…	x_refsource_MISC
	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Mitsubishi Electric MC Works64; ICONICS MobileHMI	Affected: Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior Affected: ICONICS MobileHMI versions 10.96.2 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:20.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-025_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mitsubishi Electric MC Works64; ICONICS MobileHMI",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
            },
            {
              "status": "affected",
              "version": "ICONICS MobileHMI versions 10.96.2 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-21T18:17:32.000Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-025_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
          "ID": "CVE-2022-23127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mitsubishi Electric MC Works64; ICONICS MobileHMI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
                          },
                          {
                            "version_value": "ICONICS MobileHMI versions 10.96.2 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-025_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-025_en.pdf"
            },
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2022-23127",
    "datePublished": "2022-01-21T18:17:32.000Z",
    "dateReserved": "2022-01-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:36:20.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23129 (GCVE-0-2022-23129)

Vulnerability from cvelistv5 – Published: 2022-01-21 18:17 – Updated: 2024-08-03 03:36

Summary

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information.

Severity ?

No CVSS data available.

CWE

Plaintext Storage of a Password

Assigner

Mitsubishi

References

URL

Tags

	https://jvn.jp/vu/JVNVU95403720/index.html	x_refsource_MISC
	https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01	x_refsource_MISC
	https://www.mitsubishielectric.com/en/psirt/vulne…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Mitsubishi Electric MC Works64; ICONICS GENESIS64	Affected: Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior Affected: ICONICS GENESIS64 versions 10.90 to 10.97

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:19.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-027_en.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mitsubishi Electric MC Works64; ICONICS GENESIS64",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
            },
            {
              "status": "affected",
              "version": "ICONICS GENESIS64 versions 10.90 to 10.97"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Plaintext Storage of a Password",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-21T18:17:31.000Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-027_en.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
          "ID": "CVE-2022-23129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mitsubishi Electric MC Works64; ICONICS GENESIS64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
                          },
                          {
                            "version_value": "ICONICS GENESIS64 versions 10.90 to 10.97"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Plaintext Storage of a Password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-027_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-027_en.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2022-23129",
    "datePublished": "2022-01-21T18:17:31.000Z",
    "dateReserved": "2022-01-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:36:19.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23128 (GCVE-0-2022-23128)

Vulnerability from cvelistv5 – Published: 2022-01-21 18:17 – Updated: 2024-08-03 03:36

Summary

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.

Severity ?

No CVSS data available.

CWE

Incomplete List of Disallowed Inputs

Assigner

Mitsubishi

References

URL

Tags

	https://jvn.jp/vu/JVNVU95403720/index.html	x_refsource_MISC
	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	x_refsource_MISC
	https://www.mitsubishielectric.com/en/psirt/vulne…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian; ICONICS AnalytiX; ICONICS MobileHMI	Affected: Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01) Affected: ICONICS GENESIS64 versions 10.95.3 to 10.97 Affected: ICONICS Hyper Historian versions 10.95.3 to 10.97 Affected: ICONICS AnalytiX versions 10.95.3 to 10.97 Affected: ICONICS MobileHMI versions 10.95.3 to 10.97

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:19.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian; ICONICS AnalytiX; ICONICS MobileHMI",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
            },
            {
              "status": "affected",
              "version": "ICONICS GENESIS64 versions 10.95.3 to 10.97"
            },
            {
              "status": "affected",
              "version": "ICONICS Hyper Historian versions 10.95.3 to 10.97"
            },
            {
              "status": "affected",
              "version": "ICONICS AnalytiX versions 10.95.3 to 10.97"
            },
            {
              "status": "affected",
              "version": "ICONICS MobileHMI versions 10.95.3 to 10.97"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incomplete List of Disallowed Inputs",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-21T18:17:33.000Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
          "ID": "CVE-2022-23128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian; ICONICS AnalytiX; ICONICS MobileHMI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
                          },
                          {
                            "version_value": "ICONICS GENESIS64 versions 10.95.3 to 10.97"
                          },
                          {
                            "version_value": "ICONICS Hyper Historian versions 10.95.3 to 10.97"
                          },
                          {
                            "version_value": "ICONICS AnalytiX versions 10.95.3 to 10.97"
                          },
                          {
                            "version_value": "ICONICS MobileHMI versions 10.95.3 to 10.97"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incomplete List of Disallowed Inputs"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2022-23128",
    "datePublished": "2022-01-21T18:17:33.000Z",
    "dateReserved": "2022-01-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:36:19.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23130 (GCVE-0-2022-23130)

Vulnerability from cvelistv5 – Published: 2022-01-21 18:17 – Updated: 2026-01-08 11:45

Summary

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H

CWE

CWE-126 - Buffer Over-read

Assigner

Mitsubishi

References

URL

Tags

	https://www.mitsubishielectric.com/en/psirt/vulne…	vendor-advisory
	https://jvn.jp/vu/JVNVU95403720/index.html	government-resource
	https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01	government-resource

Impacted products

Vendor

Product

Version

Mitsubishi Electric Corporation

GENESIS64

Affected: Versions 10.97 and prior

Mitsubishi Electric Iconics Digital Solutions	GENESIS64	Affected: Versions 10.97 and prior
Mitsubishi Electric Corporation	ICONICS Suite	Affected: Versions 10.97 and prior
Mitsubishi Electric Iconics Digital Solutions	ICONICS Suite	Affected: Versions 10.97 and prior
Mitsubishi Electric Corporation	MC Works64	Affected: Versions 4.00A to 4.04E
Mitsubishi Electric Corporation	GENESIS32	Affected: Versions 9.7 or prior
Mitsubishi Electric Iconics Digital Solutions	GENESIS32	Affected: Versions 9.7 or prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:19.772Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS64",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 10.97 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS64",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 10.97 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICONICS Suite",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 10.97 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICONICS Suite",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 10.97 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 4.00A to 4.04E"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS32",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 9.7 or prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS32",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 9.7 or prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
            }
          ],
          "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-08T11:45:13.985Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
          "ID": "CVE-2022-23130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)"
                          },
                          {
                            "version_value": "ICONICS GENESIS64 versions 10.97 and prior"
                          },
                          {
                            "version_value": "ICONICS Hyper Historian versions 10.97 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU95403720/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU95403720/index.html"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2022-23130",
    "datePublished": "2022-01-21T18:17:30.000Z",
    "dateReserved": "2022-01-11T00:00:00.000Z",
    "dateUpdated": "2026-01-08T11:45:13.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

ICSA-22-020-01

CVE-2022-23127 (GCVE-0-2022-23127)

CVE-2022-23129 (GCVE-0-2022-23129)

CVE-2022-23128 (GCVE-0-2022-23128)

CVE-2022-23130 (GCVE-0-2022-23130)

Tags

Sightings

Nomenclature