CVE-2022-25155
Published Apr 1, 2022
Last updated a year ago
Overview
- Description
- Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash.
- Source
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]