9.8

CVE-2022-23128

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.
Data provided by the National Vulnerability Database (NVD)
ICONICS AnalytiX, version >= 10.95.3 and <= 10.97
ICONICS GENESIS64, version >= 10.95.3 and <= 10.97
ICONICS Hyper Historian, version >= 10.95.3 and <= 10.97
ICONICS MobileHMI, version >= 10.95.3 and <= 10.97
Mitsubishi Electric MC Works64, version >= 10.95.201.23 and <= 10.95.210.01
No alert was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 2.88% | 0.85 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |

No CWE information has been published yet.

https://jvn.jp/vu/JVNVU95403720/index.html
(Third Party Advisory, VDB Entry, Mitigation)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01
(Third Party Advisory, US Government Resource, VDB Entry, Mitigation)

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf
(Vendor Advisory, Mitigation)