7.5
CVE-2022-33323
- EPSS 1.14%
- Veröffentlicht 02.02.2023 06:15:08
- Zuletzt bearbeitet 21.11.2024 07:08:11
- Quelle Mitsubishielectric.Psirt@yd.Mi
- CVE-Watchlists
- Unerledigt
LoginAuthentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series
Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitsubishielectric ≫ Rh-12sdh55 Firmware Version-
Mitsubishielectric ≫ Rh-12sdh70 Firmware Version-
Mitsubishielectric ≫ Rh-12sdh85 Firmware Version-
Mitsubishielectric ≫ Rh-12sqh55 Firmware Version-
Mitsubishielectric ≫ Rh-12sqh70 Firmware Version-
Mitsubishielectric ≫ Rh-12sqh85 Firmware Version-
Mitsubishielectric ≫ Rh-20sdh100 Firmware Version-
Mitsubishielectric ≫ Rh-20sdh85 Firmware Version-
Mitsubishielectric ≫ Rh-20sqh85 Firmware Version-
Mitsubishielectric ≫ Rh-3sdhr Firmware Version-
Mitsubishielectric ≫ Rh-3sqhr Firmware Version-
Mitsubishielectric ≫ Rh-6sdh35 Firmware Version-
Mitsubishielectric ≫ Rh-6sdh45 Firmware Version-
Mitsubishielectric ≫ Rh-6sdh55 Firmware Version-
Mitsubishielectric ≫ Rh-6sqh35 Firmware Version-
Mitsubishielectric ≫ Rh-6sqh45 Firmware Version-
Mitsubishielectric ≫ Rh-6sqh55 Firmware Version-
Mitsubishielectric ≫ Rv-12sd Firmware Version-
Mitsubishielectric ≫ Rv-12sdl Firmware Version-
Mitsubishielectric ≫ Rv-12sq Firmware Version-
Mitsubishielectric ≫ Rv-12sql Firmware Version-
Mitsubishielectric ≫ Rv-2sdb Firmware Version-
Mitsubishielectric ≫ Rv-2sqb Firmware Version-
Mitsubishielectric ≫ Rv-3sd Firmware Version-
Mitsubishielectric ≫ Rv-3sdj Firmware Version-
Mitsubishielectric ≫ Rv-3sq Firmware Version-
Mitsubishielectric ≫ Rv-3sqj Firmware Version-
Mitsubishielectric ≫ Rv-6sd Firmware Version-
Mitsubishielectric ≫ Rv-6sdl Firmware Version-
Mitsubishielectric ≫ Rv-6sq Firmware Version-
Mitsubishielectric ≫ Rv-6sql Firmware Version-
Mitsubishielectric ≫ Rh-12fh55 Firmware Version-
Mitsubishielectric ≫ Rh-12fh70 Firmware Version-
Mitsubishielectric ≫ Rh-12fh85 Firmware Version-
Mitsubishielectric ≫ Rh-20fh100 Firmware Version-
Mitsubishielectric ≫ Rh-20fh85 Firmware Version-
Mitsubishielectric ≫ Rh-3fh35 Firmware Version-
Mitsubishielectric ≫ Rh-3fh45 Firmware Version-
Mitsubishielectric ≫ Rh-3fh55 Firmware Version-
Mitsubishielectric ≫ Rh-6fh35 Firmware Version-
Mitsubishielectric ≫ Rh-6fh45 Firmware Version-
Mitsubishielectric ≫ Rh-6fh55 Firmware Version-
Mitsubishielectric ≫ Rv-13f Firmware Version-
Mitsubishielectric ≫ Rv-13fl Firmware Version-
Mitsubishielectric ≫ Rv-20f Firmware Version-
Mitsubishielectric ≫ Rv-2f Firmware Version-
Mitsubishielectric ≫ Rv-4f Firmware Version-
Mitsubishielectric ≫ Rv-4fl Firmware Version-
Mitsubishielectric ≫ Rv-7f Firmware Version-
Mitsubishielectric ≫ Rv-7fl Firmware Version-
Mitsubishielectric ≫ Rv-7fll Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.625 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-489 Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
https://jvn.jp/vu/JVNVU94588481/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-020_en.pdf