Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-25160

Summary
Assigner-Mitsubishi
Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At-01 Apr, 2022 | 22:18
Updated At-03 Aug, 2024 | 04:29
Rejected At-
Credits

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mitsubishi
Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At:01 Apr, 2022 | 22:18
Updated At:03 Aug, 2024 | 04:29
Rejected At:
▼CVE Numbering Authority (CNA)

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.

Affected Products
Vendor
n/a
Product
Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100
Versions
Affected
  • Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions
  • Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions
  • Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions
  • Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions
  • Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions
  • Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions
  • Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions
  • Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions
  • Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions
  • Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions
  • Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions
  • Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions
  • Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions
  • Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions
  • Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions
Problem Types
TypeCWE IDDescription
textN/ACleartext Storage of Sensitive Information
Type: text
CWE ID: N/A
Description: Cleartext Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf
x_refsource_MISC
https://jvn.jp/vu/JVNVU96577897/index.html
x_refsource_MISC
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04
x_refsource_MISC
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf
Resource:
x_refsource_MISC
Hyperlink: https://jvn.jp/vu/JVNVU96577897/index.html
Resource:
x_refsource_MISC
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf
x_refsource_MISC
x_transferred
https://jvn.jp/vu/JVNVU96577897/index.html
x_refsource_MISC
x_transferred
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04
x_refsource_MISC
x_transferred
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://jvn.jp/vu/JVNVU96577897/index.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Published At:01 Apr, 2022 | 23:15
Updated At:02 Jun, 2022 | 18:15

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc>>-
cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mr\/ds-ts_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uc-32mr\/ds-ts_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mr\/ds-ts>>-
cpe:2.3:h:mitsubishielectric:fx5uc-32mr\/ds-ts:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/d_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/d_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/d>>-
cpe:2.3:h:mitsubishielectric:fx5uc-32mt\/d:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/dss_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/dss>>-
cpe:2.3:h:mitsubishielectric:fx5uc-32mt\/dss:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-24mr\/es_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-24mr\/es>>-
cpe:2.3:h:mitsubishielectric:fx5uj-24mr\/es:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-24mt\/es_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-24mt\/es>>-
cpe:2.3:h:mitsubishielectric:fx5uj-24mt\/es:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-24mt\/ess_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/ess_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-24mt\/ess>>-
cpe:2.3:h:mitsubishielectric:fx5uj-24mt\/ess:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-40mr\/es_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-40mr\/es>>-
cpe:2.3:h:mitsubishielectric:fx5uj-40mr\/es:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-40mt\/es_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-40mt\/es>>-
cpe:2.3:h:mitsubishielectric:fx5uj-40mt\/es:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-40mt\/ess_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/ess_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-40mt\/ess>>-
cpe:2.3:h:mitsubishielectric:fx5uj-40mt\/ess:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-60mr\/es_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-60mr\/es>>-
cpe:2.3:h:mitsubishielectric:fx5uj-60mr\/es:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-60mt\/es_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-60mt\/es>>-
cpe:2.3:h:mitsubishielectric:fx5uj-60mt\/es:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-60mt\/ess_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/ess_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj-60mt\/ess>>-
cpe:2.3:h:mitsubishielectric:fx5uj-60mt\/ess:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/dss-ts_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss-ts_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/dss-ts>>-
cpe:2.3:h:mitsubishielectric:fx5uc-32mt\/dss-ts:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/ds-ts_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/ds-ts_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uc-32mt\/ds-ts>>-
cpe:2.3:h:mitsubishielectric:fx5uc-32mt\/ds-ts:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj_firmware>>-
cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>fx5uj>>-
cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-312Primarynvd@nist.gov
CWE ID: CWE-312
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU96577897/index.htmlMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU96577897/index.html
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found