CVE-2021-20595

nvd nist
Published: Jul 13, 2021
Modified: Nov 21, 2024

CVSS 3.1 base score: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Exploitability: 3.9 / Impact: 4.2
Source: NVD

Description

Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.

Affected (19)

19 products
G 50a Firmware
Gb 50a Firmware
Ag 150a A Firmware
Ag 150a J Firmware
Gb 50ada A Firmware
Gb 50ada J Firmware
Eb 50gu A Firmware
Eb 50gu J Firmware
Ae 200a Firmware
Ae 200e Firmware
Ae 50a Firmware
Ae 50e Firmware
Ew 50a Firmware
Ew 50e Firmware
Te 200a Firmware
Te 50a Firmware
Tw 50a Firmware
Cms Rmd J Firmware
Pac Yg50eca Firmware

Configuration A (1 vulnerable · 1 platform)
Vulnerable software, affected versions: From 2.50 to 3.35
Running on/with, platform versions: Mitsubishi G 50a, All versions

Configuration B (1 vulnerable · 1 platform)
Vulnerable software, affected versions: From 2.50 to 3.35
Running on/with, platform versions: Mitsubishi Gb 50a, All versions

Configuration C (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 3.20
Running on/with, platform versions: Mitsubishi Ag 150a A, All versions

Configuration D (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 3.20
Running on/with, platform versions: Mitsubishi Ag 150a J, All versions

Configuration E (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 3.20
Running on/with, platform versions: Mitsubishi Gb 50ada A, All versions

Configuration F (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 3.20
Running on/with, platform versions: Mitsubishi Gb 50ada J, All versions

Configuration G (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.09
Running on/with, platform versions: Mitsubishi Eb 50gu A, All versions

Configuration H (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.09
Running on/with, platform versions: Mitsubishi Eb 50gu J, All versions

Configuration I (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Ae 200a, All versions

Configuration J (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Ae 200e, All versions

Configuration K (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Ae 50a, All versions

Configuration L (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Ae 50e, All versions

Configuration M (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Ew 50a, All versions

Configuration N (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Ew 50e, All versions

Configuration O (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Te 200a, All versions

Configuration P (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Te 50a, All versions

Configuration Q (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 7.93
Running on/with, platform versions: Mitsubishi Tw 50a, All versions

Configuration R (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 1.30
Running on/with, platform versions: Mitsubishi Cms Rmd J, All versions

Configuration S (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 2.20
Running on/with, platform versions: Mitsubishi Pac Yg50eca, All versions

References (4)

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
