SB2022040408 - Multiple vulnerabilities in Mitsubishi Electric FA Products
Published: April 4, 2022 Updated: June 2, 2022
Description
This security bulletin contains information about 6 vulnerabilities.
1) Use of Password Hash Instead of Password for Authentication (CVE-ID: CVE-2022-25155)
CWE-ID: CWE-836 - Use of Password Hash Instead of Password for Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the use of a password hash instead of the password for authentication. A remote attacker can log in to the product by replaying an eavesdropped password hash.
2) Reversible One-Way Hash (CVE-ID: CVE-2022-25156)
CWE-ID: -
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the use of a weak hash. A remote attacker can log in to the product by using a password reversed from an eavesdropped password hash.
3) Use of Password Hash Instead of Password for Authentication (CVE-ID: CVE-2022-25157)
CWE-ID: CWE-836 - Use of Password Hash Instead of Password for Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the use of a password hash instead of the password for authentication. A remote attacker can disclose or tamper with the information in the product by using an eavesdropped password hash.
4) Cleartext storage of sensitive information (CVE-ID: CVE-2022-25158)
CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the password hash is saved in cleartext. A remote attacker can disclose or tamper with a file.
5) Authentication Bypass by Capture-replay (CVE-ID: CVE-2022-25159)
CWE-ID: CWE-294 - Authentication Bypass by Capture-replay
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can log in to the product by means of a replay attack.
6) Cleartext storage of sensitive information (CVE-ID: CVE-2022-25160)
CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the password hash is saved in cleartext. A remote attacker can disclose a file in a legitimate user's product by using previously eavesdropped cleartext information, and can counterfeit a legitimate user's system.
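A model of the weakness class behind items 1, 3 and 5 (CWE-836 and CWE-294), added here as an illustration and not taken from the bulletin, the vendor or the affected protocol: a verifier that accepts a static hash beside one that binds each login to a single-use nonce. SHA-256, HMAC, the constructed credential and every name in the code are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed credential; SHA-256 is a stand-in, not the product's hash.
STORED_HASH = hashlib.sha256(b"constructed-password").digest()


def static_hash_login(presented_hash: bytes) -> bool:
    """CWE-836 pattern: the value sent on the wire is itself the credential."""
    return hmac.compare_digest(presented_hash, STORED_HASH)


class ChallengeVerifier:
    """Verifier side of a nonce-based challenge-response (hypothetical design)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already used nonce
        self._pending.discard(nonce)  # single use, pass or fail
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    results = {"static_hash_replayed": static_hash_login(STORED_HASH)}
    verifier = ChallengeVerifier(STORED_HASH)
    nonce = verifier.challenge()
    response = client_response(STORED_HASH, nonce)
    results["fresh_login"] = verifier.verify(nonce, response)
    # The same recorded exchange presented again: nonce already consumed.
    results["same_exchange_replayed"] = verifier.verify(nonce, response)
    # The recorded response presented against a newly issued nonce.
    results["old_response_new_nonce"] = verifier.verify(verifier.challenge(), response)
    return results
```

The nonce binding addresses replay of recorded traffic only; the key held by the verifier is still password-equivalent, so the cleartext-storage items (4 and 6) need protection of the stored value as well.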
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://jvn.jp/vu/JVNVU96577897/index.html
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04
- https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2021-08/
- https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2021-09/
- https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2021-10/
- https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2021-11/
- https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2021-12/
- https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2021-13/