9.1
CVE-2022-40267
- EPSS 2.18%
- Veröffentlicht 20.01.2023 08:15:11
- Zuletzt bearbeitet 21.11.2024 07:21:09
- Quelle Mitsubishielectric.Psirt@yd.Mi
- CVE-Watchlists
- Unerledigt
LoginPredictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitsubishielectric ≫ Fx5u-80mt/ess Firmware Version-
Mitsubishielectric ≫ Fx5u-32mt/dss Firmware Version-
Mitsubishielectric ≫ Fx5u-64mt/dss Firmware Version-
Mitsubishielectric ≫ Fx5u-80mt/dss Firmware Version-
Mitsubishielectric ≫ Fx5uc-32mt/d Firmware Version-
Mitsubishielectric ≫ Fx5uc-64mt/d Firmware Version-
Mitsubishielectric ≫ Fx5uc-96mt/d Firmware Version-
Mitsubishielectric ≫ Fx5uc-32mt/dss Firmware Version-
Mitsubishielectric ≫ Fx5uc-64mt/dss Firmware Version-
Mitsubishielectric ≫ Fx5uc-96mt/dss Firmware Version-
Mitsubishielectric ≫ Fx5uc-32mt/ds-ts Firmware Version < 1.280
Mitsubishielectric ≫ Fx5uc-32mt/dss-ts Firmware Version < 1.280
Mitsubishielectric ≫ Fx5uc-32mr/ds-ts Firmware Version < 1.280
Mitsubishielectric ≫ R00cpu Firmware Version-
Mitsubishielectric ≫ R01cpu Firmware Version-
Mitsubishielectric ≫ R02cpu Firmware Version-
Mitsubishielectric ≫ R04cpu Firmware Version-
Mitsubishielectric ≫ R08cpu Firmware Version-
Mitsubishielectric ≫ R16cpu Firmware Version-
Mitsubishielectric ≫ R32cpu Firmware Version-
Mitsubishielectric ≫ R120cpu Firmware Version-
Mitsubishielectric ≫ R04encpu Firmware Version-
Mitsubishielectric ≫ R08encpu Firmware Version-
Mitsubishielectric ≫ R16encpu Firmware Version-
Mitsubishielectric ≫ R32encpu Firmware Version-
Mitsubishielectric ≫ R120encpu Firmware Version-
Mitsubishielectric ≫ Fx5uj-24mt/es Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-40mt/es Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-60mt/es Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-24mr/es Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-40mr/es Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-60mr/es Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-24mt/ess Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-40mt/ess Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-60mt/ess Firmware Version < 1.042
Mitsubishielectric ≫ Fx5uj-24mt/es-a Firmware Version < 1.043
Mitsubishielectric ≫ Fx5uj-40mt/es-a Firmware Version < 1.043
Mitsubishielectric ≫ Fx5uj-60mt/es-a Firmware Version < 1.043
Mitsubishielectric ≫ Fx5uj-24mr/es-a Firmware Version < 1.043
Mitsubishielectric ≫ Fx5uj-40mr/es-a Firmware Version < 1.043
Mitsubishielectric ≫ Fx5uj-60mr/es-a Firmware Version < 1.043
Mitsubishielectric ≫ Fx5s-30mt/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-40mt/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-60mt/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-80mt/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-30mr/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-40mr/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-60mr/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-80mr/es Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-30mt/ess Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-40mt/ess Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-60mt/ess Firmware Version < 1.003
Mitsubishielectric ≫ Fx5s-80mt/ess Firmware Version < 1.003
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.18% | 0.841 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.