Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-23128
Analyzed
More InfoOfficial Page
Source-Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
View Known Exploited Vulnerability (KEV) details
Published At-21 Jan, 2022 | 19:15
Updated At-27 Jan, 2022 | 20:20

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
iconics
iconics
>>analytix>>Versions from 10.95.3(inclusive) to 10.97(inclusive)
cpe:2.3:a:iconics:analytix:*:*:*:*:*:*:*:*
iconics
iconics
>>genesis64>>Versions from 10.95.3(inclusive) to 10.97(inclusive)
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
iconics
iconics
>>hyper_historian>>Versions from 10.95.3(inclusive) to 10.97(inclusive)
cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:*
iconics
iconics
>>mobilehmi>>Versions from 10.95.3(inclusive) to 10.97(inclusive)
cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>mc_works64>>Versions from 10.95.201.23(inclusive) to 10.95.210.01(inclusive)
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU95403720/index.htmlMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Mitigation
Third Party Advisory
VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Mitigation
Third Party Advisory
US Government Resource
VDB Entry
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Mitigation
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU95403720/index.html
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Mitigation
Third Party Advisory
VDB Entry
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Mitigation
Third Party Advisory
US Government Resource
VDB Entry
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Mitigation
Vendor Advisory
Change History
0Changes found
Details not found