#VU61824 Use of Password Hash Instead of Password for Authentication in MELSEC iQ-F series FX5U(C) CPU module and MELSEC iQ-F Series FX5UJ CPU module - CVE-2022-25157
Published: April 4, 2022 / Updated: June 2, 2022
Vulnerability identifier: #VU61824
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-25157
CWE-ID: CWE-836
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
MELSEC iQ-F series FX5U(C) CPU module
MELSEC iQ-F Series FX5UJ CPU module
MELSEC iQ-F series FX5U(C) CPU module
MELSEC iQ-F Series FX5UJ CPU module
Software vendor:
Mitsubishi Electric
Mitsubishi Electric
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of password hash instead of password for authentication. A remote attacker can disclose or tamper with the information in the product by using an eavesdropped password hash.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.