CVE-2022-40269

EPSS 0.53%
Veröffentlicht 02.02.2023 08:15:07
Zuletzt bearbeitet 21.11.2024 07:21:10
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ Gt Softgot2000 Version >= 1.265b < 1.290c

Mitsubishielectric ≫ Gt27 Firmware Version >= 01.14.000 < 01.48.000

Mitsubishielectric ≫ Gt27 Version-

Mitsubishielectric ≫ Gt25 Firmware Version >= 01.14.000 < 01.48.000

Mitsubishielectric ≫ Gt25 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.668

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://jvn.jp/vu/JVNVU91222434/index.html

Third Party Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-021_en.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-40269

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40269

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40269

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-40269