8.5
CVE-2021-20595
- EPSS 0.15%
- Published 13.07.2021 11:15:09
- Last modified 21.11.2024 05:46:50
- Source Mitsubishielectric.Psirt@yd.Mi
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter (BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of the data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
Data provided by the National Vulnerability Database (NVD)
Mitsubishi ≫ G-50a Firmware Version >= 2.50 <= 3.35
Mitsubishi ≫ Gb-50a Firmware Version >= 2.50 <= 3.35
Mitsubishi ≫ Ag-150a-a Firmware Version <= 3.20
Mitsubishi ≫ Ag-150a-j Firmware Version <= 3.20
Mitsubishi ≫ Gb-50ada-a Firmware Version <= 3.20
Mitsubishi ≫ Gb-50ada-j Firmware Version <= 3.20
Mitsubishi ≫ Eb-50gu-a Firmware Version <= 7.09
Mitsubishi ≫ Eb-50gu-j Firmware Version <= 7.09
Mitsubishi ≫ Ae-200a Firmware Version <= 7.93
Mitsubishi ≫ Ae-200e Firmware Version <= 7.93
Mitsubishi ≫ Ae-50a Firmware Version <= 7.93
Mitsubishi ≫ Ae-50e Firmware Version <= 7.93
Mitsubishi ≫ Ew-50a Firmware Version <= 7.93
Mitsubishi ≫ Ew-50e Firmware Version <= 7.93
Mitsubishi ≫ Te-200a Firmware Version <= 7.93
Mitsubishi ≫ Te-50a Firmware Version <= 7.93
Mitsubishi ≫ Tw-50a Firmware Version <= 7.93
Mitsubishi ≫ Cms-rmd-j Firmware Version <= 1.30
Mitsubishi ≫ Pac-yg50eca Firmware Version <= 2.20
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.367 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 3.9 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
| nvd@nist.gov | 8.5 | 10 | 7.8 | AV:N/AC:L/Au:N/C:P/I:N/A:C |
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.