CVE-2022-33323

Published: Feb 2, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

Affected (51)

Products: Mitsubishielectric: Rh 12sdh55 Firmware, Rh 12sdh70 Firmware, Rh 12sdh85 Firmware, Rh 12sqh55 Firmware, Rh 12sqh70 Firmware, Rh 12sqh85 Firmware, Rh 20sdh100 Firmware, Rh 20sdh85 Firmware, Rh 20sqh85 Firmware, Rh 3sdhr Firmware, Rh 3sqhr Firmware, Rh 6sdh35 Firmware, Rh 6sdh45 Firmware, Rh 6sdh55 Firmware, Rh 6sqh35 Firmware, Rh 6sqh45 Firmware, Rh 6sqh55 Firmware, Rv 12sd Firmware, Rv 12sdl Firmware, Rv 12sq Firmware, Rv 12sql Firmware, Rv 2sdb Firmware, Rv 2sqb Firmware, Rv 3sd Firmware, Rv 3sdj Firmware, Rv 3sq Firmware, Rv 3sqj Firmware, Rv 6sd Firmware, Rv 6sdl Firmware, Rv 6sq Firmware, Rv 6sql Firmware, Rh 12fh55 Firmware, Rh 12fh70 Firmware, Rh 12fh85 Firmware, Rh 20fh100 Firmware, Rh 20fh85 Firmware, Rh 3fh35 Firmware, Rh 3fh45 Firmware, Rh 3fh55 Firmware, Rh 6fh35 Firmware, Rh 6fh45 Firmware, Rh 6fh55 Firmware, Rv 13f Firmware, Rv 13fl Firmware, Rv 20f Firmware, Rv 2f Firmware, Rv 4f Firmware, Rv 4fl Firmware, Rv 7f Firmware, Rv 7fl Firmware, Rv 7fll Firmware

51 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12sdh55 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12sdh55	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12sdh70 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12sdh70	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12sdh85 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12sdh85	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12sqh55 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12sqh55	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12sqh70 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12sqh70	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12sqh85 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12sqh85	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 20sdh100 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 20sdh100	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 20sdh85 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 20sdh85	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 20sqh85 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 20sqh85	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 3sdhr Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 3sdhr	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 3sqhr Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 3sqhr	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6sdh35 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6sdh35	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6sdh45 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6sdh45	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6sdh55 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6sdh55	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6sqh35 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6sqh35	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6sqh45 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6sqh45	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6sqh55 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6sqh55	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 12sd Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 12sd	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 12sdl Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 12sdl	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 12sq Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 12sq	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 12sql Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 12sql	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 2sdb Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 2sdb	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 2sqb Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 2sqb	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 3sd Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 3sd	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 3sdj Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 3sdj	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 3sq Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 3sq	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 3sqj Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 3sqj	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 6sd Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 6sd	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 6sdl Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 6sdl	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 6sq Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 6sq	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 6sql Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 6sql	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12fh55 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12fh55	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12fh70 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12fh70	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 12fh85 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 12fh85	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 20fh100 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 20fh100	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 20fh85 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 20fh85	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 3fh35 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 3fh35	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 3fh45 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 3fh45	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 3fh55 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 3fh55	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6fh35 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6fh35	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6fh45 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6fh45	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rh 6fh55 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rh 6fh55	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 13f Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 13f	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 13fl Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 13fl	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 20f Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 20f	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 2f Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 2f	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 4f Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 4f	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 4fl Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 4fl	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 7f Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 7f	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 7fl Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 7fl	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Rv 7fll Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Rv 7fll	All versions

Related CWEs

CWE-489

Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References (6)

https://jvn.jp/vu/JVNVU94588481/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-05

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-020_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vendor Advisory

https://jvn.jp/vu/JVNVU94588481/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-020_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.