Exploit for #VU71302 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Mitsubishi Electric Hardware solutions

Exploit for #VU71302 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Mitsubishi Electric Hardware solutions

Published: 2023-04-11

Vulnerability identifier: #VU71302

Vulnerability risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-40267

CWE-ID: CWE-337

Exploitation vector: Network

Exploits in database: 1

April 11, 2023
- Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability [Talos]

Impact: Data manipulation

Vulnerable software:
MELSEC iQ-F FX5U
Hardware solutions / Routers & switches, VoIP, GSM, etc
MELSEC iQ-F FX5UC
Hardware solutions / Routers & switches, VoIP, GSM, etc
MELSEC iQ-F FX5UC-32MT/DS-TS
Hardware solutions / Routers & switches, VoIP, GSM, etc
MELSEC iQ-F FX5UC-32MT/DSS-TS
Hardware solutions / Routers & switches, VoIP, GSM, etc
MELSEC iQ-F FX5UC-32MR/DS-TS
Hardware solutions / Routers & switches, VoIP, GSM, etc
MELSEC iQ-R 00 CPU
Hardware solutions / Firmware
MELSEC iQ-R 01 CPU
Hardware solutions / Firmware
MELSEC iQ-R 02 CPU
Hardware solutions / Firmware
MELSEC iQ-R 04 (EN) CPU
Hardware solutions / Firmware
MELSEC iQ-R 08 (EN) CPU
Hardware solutions / Firmware
MELSEC iQ-R 16 (EN) CPU
Hardware solutions / Firmware
MELSEC iQ-R 32 (EN) CPU
Hardware solutions / Firmware
MELSEC iQ-R 120 (EN) CPU
Hardware solutions / Firmware

Vendor: Mitsubishi Electric