{"containers": {"cna": {"affected": [{"product": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2", "vendor": "n/a", "versions": [{"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"}]}], "descriptions": [{"lang": "en", "value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."}], "problemTypes": [{"descriptions": [{"description": "Use of Password Hash Instead of Password for Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-02T16:29:04.000Z", "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/vu/JVNVU96577897/index.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "ID": "CVE-2022-25155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2", "version": {"version_data": [{"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"}, {"version_value": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"}, {"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"}, {"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"}, {"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"}, {"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"}, {"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use of Password Hash Instead of Password for Authentication"}]}]}, "references": {"reference_data": [{"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf", "refsource": "MISC", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"}, {"name": "https://jvn.jp/vu/JVNVU96577897/index.html", "refsource": "MISC", "url": "https://jvn.jp/vu/JVNVU96577897/index.html"}, {"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:29:01.619Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU96577897/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"}]}]}, "cveMetadata": {"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "assignerShortName": "Mitsubishi", "cveId": "CVE-2022-25155", "datePublished": "2022-04-01T22:17:58.000Z", "dateReserved": "2022-02-14T00:00:00.000Z", "dateUpdated": "2024-08-03T04:29:01.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B8BB34-6DC1-459A-9C82-C54CC44F9D03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*", "matchCriteriaId": "58019A30-5F53-4E6A-AADA-A002C8B73C24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*", "matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2526AE1D-EE80-4828-AD4B-DD1E985F238B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*", "matchCriteriaId": "71622C45-9436-4AC0-8DFC-C05E4F92EA61", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."}, {"lang": "es", "value": "Vulnerabilidad en el uso del hash de la contrase\u00f1a en lugar de la contrase\u00f1a para la autenticaci\u00f3n en Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU todas las versiones, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R04/08/16/32/120(ES)CPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GN11-T2 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71GN11-EIP todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC Q serie Q03UDECPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/10/13/20/26/50/100UDEHCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie QJ71C24N(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC Q serie QJ71E71-100 todas las versiones, Mitsubishi Electric MELSEC Q serie QJ72BR15 todas las versiones, Mitsubishi Electric MELSEC Q serie QJ72LP25(-25/G/GE) todas las versiones, Mitsubishi Electric MELSEC serie L L02/06/26CPU(-P) todas las versiones, Mitsubishi Electric MELSEC serie L L26CPU-(P)BT todas las versiones, Mitsubishi Electric MELSEC serie L LJ71C24(-R2) todas las versiones, Mitsubishi Electric MELSEC serie L LJ71E71-100 todas las versiones y Mitsubishi Electric MELSEC serie L LJ72GF15-T2 todas las versiones permiten que un atacante remoto no autenticado inicie sesi\u00f3n en el producto reproduciendo un hash de contrase\u00f1a interceptado"}], "id": "CVE-2022-25155", "lastModified": "2024-11-21T06:51:42.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-01T23:15:14.060", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU96577897/index.html"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU96577897/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}