CVE-2022-24296
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
Affected (20)
Products: Mitsubishi: Ae 200a Firmware, Ae 200e Firmware, Ae 200j Firmware, Ae 50a Firmware, Ae 50e Firmware, Ae 50j Firmware, Ag 150a A Firmware, Ag 150a J Firmware, Eb 50gu A Firmware, Eb 50gu J Firmware, Ew 50a Firmware, Ew 50e Firmware, Ew 50j Firmware, G 150ad Firmware, Gb 50a Firmware, Gb 50ada A Firmware, Gb 50ada J Firmware, Te 200a Firmware, Te 50a Firmware, Tw 50a Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ae 200a | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ae 200e | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ae 200j | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ae 50a | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ae 50e | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ae 50j | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.21 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ag 150a A | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.21 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ag 150a J | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.10 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Eb 50gu A | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.10 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Eb 50gu J | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ew 50a | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ew 50e | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Ew 50j | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.21 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi G 150ad | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.21 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Gb 50a | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.21 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Gb 50ada A | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.21 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Gb 50ada J | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Te 200a | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Te 50a | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.97 |
| Running on/with | Platform Versions |
|---|---|
Mitsubishi Tw 50a | All versions |
References (6)
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.