Vulnerabilites related to mitsubishi - ae-50a_firmware
CVE-2021-20595 (GCVE-0-2021-20595)
Vulnerability from cvelistv5
Published
2021-07-13 10:54
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Restriction of XML External Entity Reference
Summary
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU93086468/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150 |
Version: Ver.3.35 and prior Version: Ver.9.11 and prior Version: Ver.3.20 and prior Version: Ver 7.09 and prior Version: Ver 7.93 and prior Version: Ver.1.30 and prior Version: Ver.2.20 and prior Version: Ver.2.21 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Ver.3.35 and prior"
},
{
"status": "affected",
"version": "Ver.9.11 and prior"
},
{
"status": "affected",
"version": "Ver.3.20 and prior"
},
{
"status": "affected",
"version": "Ver 7.09 and prior"
},
{
"status": "affected",
"version": "Ver 7.93 and prior"
},
{
"status": "affected",
"version": "Ver.1.30 and prior"
},
{
"status": "affected",
"version": "Ver.2.20 and prior"
},
{
"status": "affected",
"version": "Ver.2.21 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T10:54:01",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
"version": {
"version_data": [
{
"version_value": "Ver.3.35 and prior"
},
{
"version_value": "Ver.3.35 and prior"
},
{
"version_value": "Ver.9.11 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver.1.30 and prior"
},
{
"version_value": "Ver.2.20 and prior"
},
{
"version_value": "Ver.2.21 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU93086468/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20595",
"datePublished": "2021-07-13T10:54:01",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20593 (GCVE-0-2021-20593)
Vulnerability from cvelistv5
Published
2021-07-13 13:30
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Implementation of Authentication Algorithm
Summary
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU96046575/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA |
Version: Ver.2.50 to Ver.3.35 Version: Ver.3.20 and prior Version: Ver 7.09 and prior Version: Ver 7.93 and prior Version: Ver.1.30 and prior Version: Ver.2.20 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Ver.2.50 to Ver.3.35"
},
{
"status": "affected",
"version": "Ver.3.20 and prior"
},
{
"status": "affected",
"version": "Ver 7.09 and prior"
},
{
"status": "affected",
"version": "Ver 7.93 and prior"
},
{
"status": "affected",
"version": "Ver.1.30 and prior"
},
{
"status": "affected",
"version": "Ver.2.20 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T13:30:59",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
"version": {
"version_data": [
{
"version_value": "Ver.2.50 to Ver.3.35"
},
{
"version_value": "Ver.2.50 to Ver.3.35"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver.1.30 and prior"
},
{
"version_value": "Ver.2.20 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Implementation of Authentication Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96046575/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20593",
"datePublished": "2021-07-13T13:30:59",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24296 (GCVE-0-2022-24296)
Vulnerability from cvelistv5
Published
2022-06-08 14:11
Modified
2024-08-03 04:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use of a Broken or Risky Cryptographic Algorithm
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf | x_refsource_MISC | |
| https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU95298925/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A |
Version: Air Conditioning System G-150AD Ver. 3.21 and prior Version: Air Conditioning System AG-150A-A Ver. 3.21 and prior Version: Air Conditioning System AG-150A-J Ver. 3.21 and prior Version: Air Conditioning System GB-50AD Ver. 3.21 and prior Version: Air Conditioning System GB-50ADA-A Ver. 3.21 and prior Version: Air Conditioning System GB-50ADA-J Ver. 3.21 and prior Version: Air Conditioning System EB-50GU-A Ver. 7.10 and prior Version: Air Conditioning System EB-50GU-J Ver. 7.10 and prior Version: Air Conditioning System AE-200J Ver. 7.97 and prior Version: Air Conditioning System AE-200A Ver. 7.97 and prior Version: Air Conditioning System AE-200E Ver. 7.97 and prior Version: Air Conditioning System AE-50J Ver. 7.97 and prior Version: Air Conditioning System AE-50A Ver. 7.97 and prior Version: Air Conditioning System AE-50E Ver. 7.97 and prior Version: Air Conditioning System EW-50J Ver. 7.97 and prior Version: Air Conditioning System EW-50A Ver. 7.97 and prior Version: Air Conditioning System EW-50E Ver. 7.97 and prior Version: Air Conditioning System TE-200A Ver. 7.97 and prior Version: Air Conditioning System TE-50A Ver. 7.97 and prior Version: Air Conditioning System TW-50A Ver. 7.97 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T14:11:50",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-24296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"version": {
"version_data": [
{
"version_value": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"name": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf",
"refsource": "MISC",
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU95298925/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-24296",
"datePublished": "2022-06-08T14:11:50",
"dateReserved": "2022-02-01T00:00:00",
"dateUpdated": "2024-08-03T04:07:02.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-07-13 11:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:g-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "590E5BE8-3A41-4AAE-831E-8D01C2E4296F",
"versionEndIncluding": "3.35",
"versionStartIncluding": "2.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:g-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD839297-7BB1-4447-B781-86A501682648",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C24DC7AC-ACF3-4B4F-8605-60ABBC91F723",
"versionEndIncluding": "3.35",
"versionStartIncluding": "2.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1DA319-3B4E-4255-8B09-D4CA82F4CEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A59BEA50-00EF-4958-97D3-D13599FDB02E",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E37278D-F466-4D02-A3D2-C784D579156B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66F1FEF1-1896-4ABD-A69B-789AF83B5D17",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A95212E0-241E-4AD9-97A4-1F75DF382115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2714AD39-85DB-4A82-91F4-AF1E1AD7732B",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3A0876-AAC8-48B2-9081-F0989CBCF3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2175EE52-FE97-490D-A52F-2775C84E2577",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "006B9E46-F48B-483B-A909-35A7E5A5A76B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0750A08B-856A-456E-926F-1EBDB90A6608",
"versionEndIncluding": "7.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC98F5E-1FE9-4C5D-80B5-E90852A9BE0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84227253-E377-41F7-B515-C890F28F271B",
"versionEndIncluding": "7.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4575CA5F-5B1F-46AF-BD08-7A6C37E7D2F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70AC9C1D-4AE3-430F-98F0-6A4944725B58",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208B2720-7090-41FB-99EF-20D4BBF07685",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "125ED867-F47D-4532-98F5-FDC99819D37C",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "222E1D60-FB10-477A-A21E-EAC902CCC1EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AEC0B91-9928-404E-9991-6FE8560E4A94",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC7EF0E-9DC4-4126-BA84-990FDE5EC5EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A13BC506-5437-4FB5-9FA6-666B9785D774",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2F0B95-8905-4CBD-A50D-DD11C3B1639E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA4C2EB-96FD-416E-BB0F-6390516904E5",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A55E519-0E2B-4809-9453-3D240949AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6DCE61-57D2-4011-AF5B-6A5A8D180491",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36D3BD0B-F2C0-4DD7-9EC7-A0ADD2001833",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2454711C-B053-4071-996A-CF2F90FCC27D",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15CCCC0A-AFBE-4C9B-A92C-8E0C5CF2A055",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CD0C0A-7EFE-4435-A6DE-A0AEF6F1CA09",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C556A4B8-4351-43AD-9E85-D8736D3799E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B2E089-A079-448D-A0AB-B92828747504",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2625668C-2AB6-4610-A609-D2B299EA9B53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:cms-rmd-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E55ABCF2-4170-40F6-8D75-C6EFA7EA4802",
"versionEndIncluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:cms-rmd-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F93ABCC-1DD4-4202-831C-AD1E5D04FD31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:pac-yg50eca_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89CEB979-0C82-41BB-9371-F860EE9C635E",
"versionEndIncluding": "2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:pac-yg50eca:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32415898-51D3-4925-8AD1-84D9A3276181",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
},
{
"lang": "es",
"value": "Una vulnerabilidad de restricci\u00f3n inapropiada de referencia de tipo XML External Entity en Mitsubishi Electric Air Conditioning System/Centralized Controllers versiones: (G-50A Ver.3.35 y anteriores, GB-50A Ver.3.35 y anteriores, GB-24A Ver.9.11 y anteriores, AG-150A-A Ver.3.20 y anteriores, AG-150A-J Ver.3.20 y anteriores, GB-50ADA-A Ver.3.20 y anteriores, GB-50ADA-J Ver.3 .20 y anteriores, EB-50GU-A Ver 7.09 y anteriores, EB-50GU-J Ver 7.09 y anteriores, AE-200A Ver 7.93 y anteriores, AE-200E Ver 7.93 y anteriores, AE-50A Ver 7.93 y anteriores, AE-50E Ver 7.93 y anteriores, EW-50A Ver 7.93 y anteriores, EW-50E Ver 7.93 y anteriores, TE-200A Ver 7.93 y anteriores, TE-50A Ver 7.93 y anteriores, TW-50A Ver 7.93 y anteriores, CMS-RMD-J Ver.1 .30 y anteriores), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 y anteriores) y Sistema de Aire Acondicionado/Adaptador BM (BAC-HD150 Ver.2.21 y anteriores) permite a un atacante remoto no autenticado divulgar algunos de los datos del sistema de aire acondicionado o causar una condici\u00f3n de DoS mediante el env\u00edo de paquetes especialmente dise\u00f1ados"
}
],
"id": "CVE-2021-20595",
"lastModified": "2024-11-21T05:46:50.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T11:15:09.327",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-13 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:g-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "590E5BE8-3A41-4AAE-831E-8D01C2E4296F",
"versionEndIncluding": "3.35",
"versionStartIncluding": "2.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:g-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD839297-7BB1-4447-B781-86A501682648",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C24DC7AC-ACF3-4B4F-8605-60ABBC91F723",
"versionEndIncluding": "3.35",
"versionStartIncluding": "2.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1DA319-3B4E-4255-8B09-D4CA82F4CEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A59BEA50-00EF-4958-97D3-D13599FDB02E",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E37278D-F466-4D02-A3D2-C784D579156B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66F1FEF1-1896-4ABD-A69B-789AF83B5D17",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A95212E0-241E-4AD9-97A4-1F75DF382115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2714AD39-85DB-4A82-91F4-AF1E1AD7732B",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3A0876-AAC8-48B2-9081-F0989CBCF3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2175EE52-FE97-490D-A52F-2775C84E2577",
"versionEndIncluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "006B9E46-F48B-483B-A909-35A7E5A5A76B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0750A08B-856A-456E-926F-1EBDB90A6608",
"versionEndIncluding": "7.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC98F5E-1FE9-4C5D-80B5-E90852A9BE0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84227253-E377-41F7-B515-C890F28F271B",
"versionEndIncluding": "7.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4575CA5F-5B1F-46AF-BD08-7A6C37E7D2F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70AC9C1D-4AE3-430F-98F0-6A4944725B58",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208B2720-7090-41FB-99EF-20D4BBF07685",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "125ED867-F47D-4532-98F5-FDC99819D37C",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "222E1D60-FB10-477A-A21E-EAC902CCC1EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AEC0B91-9928-404E-9991-6FE8560E4A94",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC7EF0E-9DC4-4126-BA84-990FDE5EC5EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A13BC506-5437-4FB5-9FA6-666B9785D774",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2F0B95-8905-4CBD-A50D-DD11C3B1639E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA4C2EB-96FD-416E-BB0F-6390516904E5",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A55E519-0E2B-4809-9453-3D240949AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6DCE61-57D2-4011-AF5B-6A5A8D180491",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36D3BD0B-F2C0-4DD7-9EC7-A0ADD2001833",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2454711C-B053-4071-996A-CF2F90FCC27D",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15CCCC0A-AFBE-4C9B-A92C-8E0C5CF2A055",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CD0C0A-7EFE-4435-A6DE-A0AEF6F1CA09",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C556A4B8-4351-43AD-9E85-D8736D3799E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B2E089-A079-448D-A0AB-B92828747504",
"versionEndIncluding": "7.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2625668C-2AB6-4610-A609-D2B299EA9B53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:cms-rmd-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E55ABCF2-4170-40F6-8D75-C6EFA7EA4802",
"versionEndIncluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:cms-rmd-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F93ABCC-1DD4-4202-831C-AD1E5D04FD31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:pac-yg50eca_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89CEB979-0C82-41BB-9371-F860EE9C635E",
"versionEndIncluding": "2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:pac-yg50eca:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32415898-51D3-4925-8AD1-84D9A3276181",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
},
{
"lang": "es",
"value": "Una Implementaci\u00f3n Incorrecta del Algoritmo de Autenticaci\u00f3n en Mitsubishi Electric Air Conditioning System/Centralized Controllers versiones: (G-50A Versiones.2.50 hasta Versiones. 3.35, GB-50A Versiones.2.50 hasta Versiones. 3.35, AG-150A-A Ver.3.20 y anteriores, AG-150A-J Ver.3.20 y anteriores, GB-50ADA-A Versiones.3.20 y anteriores, GB-50ADA-J Versiones.3 .20 y anteriores, EB-50GU-A Versiones 7.09 y anteriores, EB-50GU-J Versiones 7.09 y anteriores, AE-200A Versiones 7.93 y anteriores, AE-200E Versiones 7.93 y anteriores, AE-50A Versiones 7.93 y anteriores, AE-50E Versiones 7.93 y anteriores, EW-50A Versiones 7.93 y anteriores, EW-50E Versiones 7.93 y anteriores, TE-200A Versiones 7.93 y anteriores, TE-50A Versiones 7.93 y anteriores, TW-50A Versiones 7.93 y anteriores, CMS-RMD-J Versiones.1 .30 y anteriores) y los Controladores del Air Conditioning System/Expansion (PAC-YG50ECA Versiones .2.20 y anteriores) permiten a un atacante remoto autenticado hacerse pasar por administrador para divulgar informaci\u00f3n de configuraci\u00f3n del sistema de aire acondicionado e informaci\u00f3n de manipulaci\u00f3n (por ejemplo, informaci\u00f3n de funcionamiento y configuraci\u00f3n del sistema de aire acondicionado) al explotar esta vulnerabilidad"
}
],
"id": "CVE-2021-20593",
"lastModified": "2024-11-21T05:46:50.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T14:15:08.410",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-08 15:15
Modified
2024-11-21 06:50
Severity ?
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87DDE988-65E5-4E9B-B31B-E07423E46FBC",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208B2720-7090-41FB-99EF-20D4BBF07685",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB9AF8C-8A6E-4D54-929F-EFE3B91F9847",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "222E1D60-FB10-477A-A21E-EAC902CCC1EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "876307F0-F041-4701-9C9F-862EAECBB1E3",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8886362-D208-4431-B7C3-CCB3C4819EED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2B798B-960F-466C-BA50-FA5362032820",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC7EF0E-9DC4-4126-BA84-990FDE5EC5EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF02607-33C7-4722-B15D-D7B32CDF3644",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2F0B95-8905-4CBD-A50D-DD11C3B1639E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6662F5-6280-46AF-9A2C-6BE7039A54D3",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B167F919-5471-49B0-825B-1D5242B0F0CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4049B5F1-E6E9-4486-ABC3-1494468CF4D7",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E37278D-F466-4D02-A3D2-C784D579156B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A86C7B0B-E585-4CFC-BCBA-62F3ED93F7B7",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A95212E0-241E-4AD9-97A4-1F75DF382115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8818A82-BCD1-463D-9FE7-E2BA3079EB19",
"versionEndIncluding": "7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC98F5E-1FE9-4C5D-80B5-E90852A9BE0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55B3897D-F378-4CCF-8310-10749F80FE53",
"versionEndIncluding": "7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4575CA5F-5B1F-46AF-BD08-7A6C37E7D2F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FC42A3-F3A8-416B-8332-E832776986D5",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A55E519-0E2B-4809-9453-3D240949AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0F2AA5-D52C-4EED-8030-2D23655A56E4",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36D3BD0B-F2C0-4DD7-9EC7-A0ADD2001833",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E99EF75-71FA-40A2-8D03-4ABB07EFD892",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A0F1B1-919D-4024-A0FA-D8A4B406F346",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:g-150ad_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D90371C-736F-4964-980B-FC6319ECC638",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:g-150ad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5006DE-989A-4BEC-9255-64CBBB7A7474",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8CD810-00FE-4008-A8C4-66D9A89C72A5",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1DA319-3B4E-4255-8B09-D4CA82F4CEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EAF2CA-C57F-4BD7-A325-EE9B4BD0889D",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3A0876-AAC8-48B2-9081-F0989CBCF3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96770815-BB9C-439E-8E9D-373EEA423981",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "006B9E46-F48B-483B-A909-35A7E5A5A76B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "515703FF-B799-4F47-A813-13CA1D02F45C",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15CCCC0A-AFBE-4C9B-A92C-8E0C5CF2A055",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47C8DB00-1741-45AE-A411-227A60538F89",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C556A4B8-4351-43AD-9E85-D8736D3799E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "876361EA-E1E0-42C6-8AA9-C1824909F52A",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2625668C-2AB6-4610-A609-D2B299EA9B53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
},
{
"lang": "es",
"value": "Uso de una vulnerabilidad de Algoritmo Criptogr\u00e1fico Roto o Arriesgado en el Sistema de aire Acondicionado G-150AD Versiones 3.21 y anteriores, el Sistema de aire Acondicionado AG-150A-A Versiones 3.21 y anteriores, el Sistema de aire Acondicionado AG-150A-J Versiones 3.21 y anteriores, el Sistema de aire Acondicionado GB-50AD Versiones 3.21 y anteriores, el Sistema de aire Acondicionado GB-50ADA-A Versiones 3. 21 y anteriores, Sistema de aire Acondicionado GB-50ADA-J Versiones 3.21 y anteriores, Sistema de aire Acondicionado EB-50GU-A Versiones 7.10 y anteriores, Sistema de aire Acondicionado EB-50GU-J Versiones 7.10 y anteriores, Sistema de aire Acondicionado AE-200J Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-200A Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-200E Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50J Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50A Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50E Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50J Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50A Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50E Versiones 7. 97 y anteriores, Sistema de aire Acondicionado TE-200A Versiones 7.97 y anteriores, Sistema de aire Acondicionado TE-50A Versiones 7.97 y anteriores y Sistema de aire Acondicionado TW-50A Versiones 7.97 y anteriores permite a un atacante remoto no autenticado causar una divulgaci\u00f3n de mensajes encriptados de los sistemas de aire acondicionado al olfatear las comunicaciones encriptadas"
}
],
"id": "CVE-2022-24296",
"lastModified": "2024-11-21T06:50:06.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-08T15:15:07.927",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}