Risk | Low |
Patch available | NO |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-21151 CVE-2021-33149 |
CWE-ID | CWE-200 CWE-203 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
MELSEC Q Series Q26DHCCPU-LS Hardware solutions / Firmware MELSEC Q Series Q24DHCCPU-LS Hardware solutions / Firmware MELSEC Q Series Q24DHCCPU-VG Hardware solutions / Firmware MELSEC Q Series Q24DHCCPU-V Hardware solutions / Firmware MELSEC iQ-R Series R102WCPU-W Hardware solutions / Firmware MELIPC Series MI3315G-W Hardware solutions / Firmware MELIPC Series MI3321G-W Hardware solutions / Firmware MELIPC Series MI1002-W Hardware solutions / Firmware MELIPC Series MI2012-W Hardware solutions / Firmware MELIPC Series MI5122-VW Hardware solutions / Firmware |
Vendor | Mitsubishi Electric |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU63348
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-21151
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error during processor optimization removal or modification of security-critical code. A local privileged user can gain access to potentially sensitive information.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMELSEC Q Series Q26DHCCPU-LS: All versions
MELSEC Q Series Q24DHCCPU-LS: All versions
MELSEC Q Series Q24DHCCPU-VG: All versions
MELSEC Q Series Q24DHCCPU-V: All versions
MELSEC iQ-R Series R102WCPU-W: All versions
MELIPC Series MI3315G-W: All versions
MELIPC Series MI3321G-W: All versions
MELIPC Series MI1002-W: All versions
MELIPC Series MI2012-W: All versions
MELIPC Series MI5122-VW: All versions
CPE2.3http://www.cisa.gov/news-events/ics-advisories/icsa-23-341-01
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-017_en.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84030
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-33149
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the observable behavioral discrepancy issue. A local user can gain unauthorized access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMELSEC Q Series Q26DHCCPU-LS: All versions
MELSEC Q Series Q24DHCCPU-LS: All versions
MELSEC Q Series Q24DHCCPU-VG: All versions
MELSEC Q Series Q24DHCCPU-V: All versions
MELSEC iQ-R Series R102WCPU-W: All versions
MELIPC Series MI3315G-W: All versions
MELIPC Series MI3321G-W: All versions
MELIPC Series MI1002-W: All versions
MELIPC Series MI2012-W: All versions
MELIPC Series MI5122-VW: All versions
CPE2.3http://www.cisa.gov/news-events/ics-advisories/icsa-23-341-01
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-017_en.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.