CVE-2022-25158

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 02-04-2022 01:15

Last modified: - 02-06-2022 08:15

Total changes: - 4

Description

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.1

Base score

3.9

5.2

Exploitability score

Impact score

Verification logic

AND

vendor=mitsubishielectric AND product=fx5uc_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uc AND version=-

AND

vendor=mitsubishielectric AND product=fx5uc-32mr\/ds-ts_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uc-32mr\/ds-ts AND version=-

AND

vendor=mitsubishielectric AND product=fx5uc-32mt\/d_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uc-32mt\/d AND version=-

AND

vendor=mitsubishielectric AND product=fx5uc-32mt\/dss_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uc-32mt\/dss AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-24mr\/es_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-24mr\/es AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-24mt\/es_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-24mt\/es AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-24mt\/ess_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-24mt\/ess AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-40mr\/es_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-40mr\/es AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-40mt\/es_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-40mt\/es AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-40mt\/ess_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-40mt\/ess AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-60mr\/es_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-60mr\/es AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-60mt\/es_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-60mt\/es AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj-60mt\/ess_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj-60mt\/ess AND version=-

AND

vendor=mitsubishielectric AND product=fx5uc-32mt\/dss-ts_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uc-32mt\/dss-ts AND version=-

AND

vendor=mitsubishielectric AND product=fx5uc-32mt\/ds-ts_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uc-32mt\/ds-ts AND version=-

AND

vendor=mitsubishielectric AND product=fx5uj_firmware AND version=-

vendor=mitsubishielectric AND product=fx5uj AND version=-

Reference

Keywords

CVE-2022-25158

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-25158

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures