Vulnerabilites related to mitsubishi - ew-50j_firmware
CVE-2022-24296 (GCVE-0-2022-24296)
Vulnerability from cvelistv5
Published
2022-06-08 14:11
Modified
2024-08-03 04:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use of a Broken or Risky Cryptographic Algorithm
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf | x_refsource_MISC | |
| https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU95298925/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A |
Version: Air Conditioning System G-150AD Ver. 3.21 and prior Version: Air Conditioning System AG-150A-A Ver. 3.21 and prior Version: Air Conditioning System AG-150A-J Ver. 3.21 and prior Version: Air Conditioning System GB-50AD Ver. 3.21 and prior Version: Air Conditioning System GB-50ADA-A Ver. 3.21 and prior Version: Air Conditioning System GB-50ADA-J Ver. 3.21 and prior Version: Air Conditioning System EB-50GU-A Ver. 7.10 and prior Version: Air Conditioning System EB-50GU-J Ver. 7.10 and prior Version: Air Conditioning System AE-200J Ver. 7.97 and prior Version: Air Conditioning System AE-200A Ver. 7.97 and prior Version: Air Conditioning System AE-200E Ver. 7.97 and prior Version: Air Conditioning System AE-50J Ver. 7.97 and prior Version: Air Conditioning System AE-50A Ver. 7.97 and prior Version: Air Conditioning System AE-50E Ver. 7.97 and prior Version: Air Conditioning System EW-50J Ver. 7.97 and prior Version: Air Conditioning System EW-50A Ver. 7.97 and prior Version: Air Conditioning System EW-50E Ver. 7.97 and prior Version: Air Conditioning System TE-200A Ver. 7.97 and prior Version: Air Conditioning System TE-50A Ver. 7.97 and prior Version: Air Conditioning System TW-50A Ver. 7.97 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T14:11:50",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-24296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"version": {
"version_data": [
{
"version_value": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"name": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf",
"refsource": "MISC",
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU95298925/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-24296",
"datePublished": "2022-06-08T14:11:50",
"dateReserved": "2022-02-01T00:00:00",
"dateUpdated": "2024-08-03T04:07:02.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-06-08 15:15
Modified
2024-11-21 06:50
Severity ?
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87DDE988-65E5-4E9B-B31B-E07423E46FBC",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208B2720-7090-41FB-99EF-20D4BBF07685",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB9AF8C-8A6E-4D54-929F-EFE3B91F9847",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "222E1D60-FB10-477A-A21E-EAC902CCC1EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-200j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "876307F0-F041-4701-9C9F-862EAECBB1E3",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-200j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8886362-D208-4431-B7C3-CCB3C4819EED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2B798B-960F-466C-BA50-FA5362032820",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC7EF0E-9DC4-4126-BA84-990FDE5EC5EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF02607-33C7-4722-B15D-D7B32CDF3644",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2F0B95-8905-4CBD-A50D-DD11C3B1639E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ae-50j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6662F5-6280-46AF-9A2C-6BE7039A54D3",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ae-50j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B167F919-5471-49B0-825B-1D5242B0F0CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4049B5F1-E6E9-4486-ABC3-1494468CF4D7",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E37278D-F466-4D02-A3D2-C784D579156B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A86C7B0B-E585-4CFC-BCBA-62F3ED93F7B7",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A95212E0-241E-4AD9-97A4-1F75DF382115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8818A82-BCD1-463D-9FE7-E2BA3079EB19",
"versionEndIncluding": "7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC98F5E-1FE9-4C5D-80B5-E90852A9BE0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55B3897D-F378-4CCF-8310-10749F80FE53",
"versionEndIncluding": "7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4575CA5F-5B1F-46AF-BD08-7A6C37E7D2F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FC42A3-F3A8-416B-8332-E832776986D5",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A55E519-0E2B-4809-9453-3D240949AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0F2AA5-D52C-4EED-8030-2D23655A56E4",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36D3BD0B-F2C0-4DD7-9EC7-A0ADD2001833",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:ew-50j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E99EF75-71FA-40A2-8D03-4ABB07EFD892",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:ew-50j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A0F1B1-919D-4024-A0FA-D8A4B406F346",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:g-150ad_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D90371C-736F-4964-980B-FC6319ECC638",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:g-150ad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5006DE-989A-4BEC-9255-64CBBB7A7474",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8CD810-00FE-4008-A8C4-66D9A89C72A5",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1DA319-3B4E-4255-8B09-D4CA82F4CEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EAF2CA-C57F-4BD7-A325-EE9B4BD0889D",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3A0876-AAC8-48B2-9081-F0989CBCF3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96770815-BB9C-439E-8E9D-373EEA423981",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*",
"matchCriteriaId": "006B9E46-F48B-483B-A909-35A7E5A5A76B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "515703FF-B799-4F47-A813-13CA1D02F45C",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15CCCC0A-AFBE-4C9B-A92C-8E0C5CF2A055",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47C8DB00-1741-45AE-A411-227A60538F89",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C556A4B8-4351-43AD-9E85-D8736D3799E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "876361EA-E1E0-42C6-8AA9-C1824909F52A",
"versionEndIncluding": "7.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2625668C-2AB6-4610-A609-D2B299EA9B53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
},
{
"lang": "es",
"value": "Uso de una vulnerabilidad de Algoritmo Criptogr\u00e1fico Roto o Arriesgado en el Sistema de aire Acondicionado G-150AD Versiones 3.21 y anteriores, el Sistema de aire Acondicionado AG-150A-A Versiones 3.21 y anteriores, el Sistema de aire Acondicionado AG-150A-J Versiones 3.21 y anteriores, el Sistema de aire Acondicionado GB-50AD Versiones 3.21 y anteriores, el Sistema de aire Acondicionado GB-50ADA-A Versiones 3. 21 y anteriores, Sistema de aire Acondicionado GB-50ADA-J Versiones 3.21 y anteriores, Sistema de aire Acondicionado EB-50GU-A Versiones 7.10 y anteriores, Sistema de aire Acondicionado EB-50GU-J Versiones 7.10 y anteriores, Sistema de aire Acondicionado AE-200J Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-200A Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-200E Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50J Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50A Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50E Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50J Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50A Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50E Versiones 7. 97 y anteriores, Sistema de aire Acondicionado TE-200A Versiones 7.97 y anteriores, Sistema de aire Acondicionado TE-50A Versiones 7.97 y anteriores y Sistema de aire Acondicionado TW-50A Versiones 7.97 y anteriores permite a un atacante remoto no autenticado causar una divulgaci\u00f3n de mensajes encriptados de los sistemas de aire acondicionado al olfatear las comunicaciones encriptadas"
}
],
"id": "CVE-2022-24296",
"lastModified": "2024-11-21T06:50:06.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-08T15:15:07.927",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}