Details of VAR-202203-1529

ID

VAR-202203-1529

CVE

CVE-2022-25156

TITLE

plural Mitsubishi Electric MELSEC iQ-F Insufficient password hash usage vulnerabilities in series products

Trust: 0.8

sources: JVNDB: JVNDB-2022-001564

DESCRIPTION

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. plural Mitsubishi Electric MELSEC iQ-F A series of products contains a vulnerability related to the use of password hashes that are not strong enough.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Mitsubishi Electric Automation (China) Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. Mainly produces mechanical appliances for power distribution (including low-voltage circuit breakers, electromagnetic switches), electrical processing products (including CNC EDM machines, wire-cut EDM machines, and laser processing machines). Mitsubishi MELSEC Q03UDECPU PLC has a logic flaw vulnerability, an attacker can use the vulnerability to decrypt the correct key through the encrypted password, and directly replay the message containing the key

Trust: 2.16

sources: NVD: CVE-2022-25156 // JVNDB: JVNDB-2022-001564 // CNVD: CNVD-2022-41726

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-41726

AFFECTED PRODUCTS

vendor:	mitsubishielectric	model:	fx5uc-32mt\/dss-ts	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mt\/d	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mt\/ds-ts	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mr\/ds-ts	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	三菱電機	model:	fx5uc-32mt/d	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uc-32mr/ds-ts	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uj-40mt/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uj-40mr/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uc	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uj-24mt/ess	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uc-32mt/dss	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uj-24mr/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uj-40mt/ess	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uj-24mt/es	scope:	-	version:	-	Trust: 0.8
vendor:	mitsubishi electric automation	model:	melsec q03udecpu plc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-41726 // JVNDB: JVNDB-2022-001564 // NVD: CVE-2022-25156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25156
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-25156
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-41726
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202203-2694
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-25156
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-41726
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-25156
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25156
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-41726 // JVNDB: JVNDB-2022-001564 // CNNVD: CNNVD-202203-2694 // NVD: CVE-2022-25156

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.0
problemtype:	Using weak password hashes (CWE-916) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-001564 // NVD: CVE-2022-25156

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-2694

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-2694

PATCH

title:	Authentication Bypass, Information Disclosure and Information Tampering Vulnerabilities in Multiple FA Products	url:	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf	Trust: 0.8
title:	Patch for Mitsubishi MELSEC Q03UDECPU PLC has logic flaw vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/332961	Trust: 0.6
title:	Mitsubishi Electric MELSEC iQ-F series Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194631	Trust: 0.6

sources: CNVD: CNVD-2022-41726 // JVNDB: JVNDB-2022-001564 // CNNVD: CNNVD-202203-2694

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25156	Trust: 3.8
db:	ICS CERT	id:	ICSA-22-090-04	Trust: 2.4
db:	JVN	id:	JVNVU96577897	Trust: 2.4
db:	JVNDB	id:	JVNDB-2022-001564	Trust: 0.8
db:	CNVD	id:	CNVD-2022-41726	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-2694	Trust: 0.6

sources: CNVD: CNVD-2022-41726 // JVNDB: JVNDB-2022-001564 // CNNVD: CNNVD-202203-2694 // NVD: CVE-2022-25156

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04	Trust: 2.4
url:	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu96577897/index.html	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu96577897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25156	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25156/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04	Trust: 0.6

sources: JVNDB: JVNDB-2022-001564 // CNNVD: CNNVD-202203-2694 // NVD: CVE-2022-25156

CREDITS

Iliya Rogachev and Artur Akhatov of Positive Technologies reported these vulnerabilities to Mitsubishi Electric.,Anton Dorfman, Dmitry Sklyarov

Trust: 0.6

sources: CNNVD: CNNVD-202203-2694

SOURCES

db:	CNVD	id:	CNVD-2022-41726
db:	JVNDB	id:	JVNDB-2022-001564
db:	CNNVD	id:	CNNVD-202203-2694
db:	NVD	id:	CVE-2022-25156

LAST UPDATE DATE

2024-11-23T22:20:33.214000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-41726	date:	2022-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-001564	date:	2022-04-20T05:21:00
db:	CNNVD	id:	CNNVD-202203-2694	date:	2022-06-06T00:00:00
db:	NVD	id:	CVE-2022-25156	date:	2024-11-21T06:51:42.703

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-41726	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-001564	date:	2022-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202203-2694	date:	2022-03-31T00:00:00
db:	NVD	id:	CVE-2022-25156	date:	2022-04-01T23:15:14.253