Description

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.

Related CPE's

o

mitsubishielectric

fx5u-80mt\/ess_firmware

-

Vulnerable

h

mitsubishielectric

fx5u-80mt\/ess

-

o

mitsubishielectric

fx5u-32mt\/dss_firmware

-

Vulnerable

h

mitsubishielectric

fx5u-32mt\/dss

-

o

mitsubishielectric

fx5u-64mt\/dss_firmware

-

Vulnerable

h

mitsubishielectric

fx5u-64mt\/dss

-

o

mitsubishielectric

fx5u-80mt\/dss_firmware

-

Vulnerable

h

mitsubishielectric

fx5u-80mt\/dss

-

o

mitsubishielectric

fx5uc-32mt\/d_firmware

-

Vulnerable

h

mitsubishielectric

fx5uc-32mt\/d

-

o

mitsubishielectric

fx5uc-64mt\/d_firmware

-

Vulnerable

h

mitsubishielectric

fx5uc-64mt\/d

-

o

mitsubishielectric

fx5uc-96mt\/d_firmware

-

Vulnerable

h

mitsubishielectric

fx5uc-96mt\/d

-

o

mitsubishielectric

fx5uc-32mt\/dss_firmware

-

Vulnerable

h

mitsubishielectric

fx5uc-32mt\/dss

-

o

mitsubishielectric

fx5uc-64mt\/dss_firmware

-

Vulnerable

h

mitsubishielectric

fx5uc-64mt\/dss

-

o

mitsubishielectric

fx5uc-96mt\/dss_firmware

-

Vulnerable

h

mitsubishielectric

fx5uc-96mt\/dss

-

o

mitsubishielectric

fx5uc-32mt\/ds-ts_firmware

Vulnerable

h

mitsubishielectric

fx5uc-32mt\/ds-ts

-

o

mitsubishielectric

fx5uc-32mt\/dss-ts_firmware

Vulnerable

h

mitsubishielectric

fx5uc-32mt\/dss-ts

-

o

mitsubishielectric

fx5uc-32mr\/ds-ts_firmware

Vulnerable

h

mitsubishielectric

fx5uc-32mr\/ds-ts

-

o

mitsubishielectric

r00cpu_firmware

-

Vulnerable

h

mitsubishielectric

r00cpu

-

o

mitsubishielectric

r01cpu_firmware

-

Vulnerable

h

mitsubishielectric

r01cpu

-

o

mitsubishielectric

r02cpu_firmware

-

Vulnerable

h

mitsubishielectric

r02cpu

-

o

mitsubishielectric

r04cpu_firmware

-

Vulnerable

h

mitsubishielectric

r04cpu

-

o

mitsubishielectric

r08cpu_firmware

-

Vulnerable

h

mitsubishielectric

r08cpu

-

o

mitsubishielectric

r16cpu_firmware

-

Vulnerable

h

mitsubishielectric

r16cpu

-

o

mitsubishielectric

r32cpu_firmware

-

Vulnerable

h

mitsubishielectric

r32cpu

-

o

mitsubishielectric

r120cpu_firmware

-

Vulnerable

h

mitsubishielectric

r120cpu

-

o

mitsubishielectric

r04encpu_firmware

-

Vulnerable

h

mitsubishielectric

r04encpu

-

o

mitsubishielectric

r08encpu_firmware

-

Vulnerable

h

mitsubishielectric

r08encpu

-

o

mitsubishielectric

r16encpu_firmware

-

Vulnerable

h

mitsubishielectric

r16encpu

-

o

mitsubishielectric

r32encpu_firmware

-

Vulnerable

h

mitsubishielectric

r32encpu

-

o

mitsubishielectric

r120encpu_firmware

-

Vulnerable

h

mitsubishielectric

r120encpu

-

o

mitsubishielectric

fx5uj-24mt\/es_firmware

Vulnerable

h

mitsubishielectric

fx5uj-24mt\/es

-

o

mitsubishielectric

fx5uj-40mt\/es_firmware

Vulnerable

h

mitsubishielectric

fx5uj-40mt\/es

-

o

mitsubishielectric

fx5uj-60mt\/es_firmware

Vulnerable

h

mitsubishielectric

fx5uj-60mt\/es

-

o

mitsubishielectric

fx5uj-24mr\/es_firmware

Vulnerable

h

mitsubishielectric

fx5uj-24mr\/es

-

o

mitsubishielectric

fx5uj-40mr\/es_firmware

Vulnerable

h

mitsubishielectric

fx5uj-40mr\/es

-

o

mitsubishielectric

fx5uj-60mr\/es_firmware

Vulnerable

h

mitsubishielectric

fx5uj-60mr\/es

-

o

mitsubishielectric

fx5uj-24mt\/ess_firmware

Vulnerable

h

mitsubishielectric

fx5uj-24mt\/ess

-

o

mitsubishielectric

fx5uj-40mt\/ess_firmware

Vulnerable

h

mitsubishielectric

fx5uj-40mt\/ess

-

o

mitsubishielectric

fx5uj-60mt\/ess_firmware

Vulnerable

h

mitsubishielectric

fx5uj-60mt\/ess

-

o

mitsubishielectric

fx5uj-24mt\/es-a_firmware

Vulnerable

h

mitsubishielectric

fx5uj-24mt\/es-a

-

o

mitsubishielectric

fx5uj-40mt\/es-a_firmware

Vulnerable

h

mitsubishielectric

fx5uj-40mt\/es-a

-

o

mitsubishielectric

fx5uj-60mt\/es-a_firmware

Vulnerable

h

mitsubishielectric

fx5uj-60mt\/es-a

-

o

mitsubishielectric

fx5uj-24mr\/es-a_firmware

Vulnerable

h

mitsubishielectric

fx5uj-24mr\/es-a

-

o

mitsubishielectric

fx5uj-40mr\/es-a_firmware

Vulnerable

h

mitsubishielectric

fx5uj-40mr\/es-a

-

o

mitsubishielectric

fx5uj-60mr\/es-a_firmware

Vulnerable

h

mitsubishielectric

fx5uj-60mr\/es-a

-

o

mitsubishielectric

fx5s-30mt\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-30mt\/es

-

o

mitsubishielectric

fx5s-40mt\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-40mt\/es

-

o

mitsubishielectric

fx5s-60mt\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-60mt\/es

-

o

mitsubishielectric

fx5s-80mt\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-80mt\/es

-

o

mitsubishielectric

fx5s-30mr\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-30mr\/es

-

o

mitsubishielectric

fx5s-40mr\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-40mr\/es

-

o

mitsubishielectric

fx5s-60mr\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-60mr\/es

-

o

mitsubishielectric

fx5s-80mr\/es_firmware

Vulnerable

h

mitsubishielectric

fx5s-80mr\/es

-

o

mitsubishielectric

fx5s-30mt\/ess_firmware

Vulnerable

h

mitsubishielectric

fx5s-30mt\/ess

-

o

mitsubishielectric

fx5s-40mt\/ess_firmware

Vulnerable

h

mitsubishielectric

fx5s-40mt\/ess

-

o

mitsubishielectric

fx5s-60mt\/ess_firmware

Vulnerable

h

mitsubishielectric

fx5s-60mt\/ess

-

o

mitsubishielectric

fx5s-80mt\/ess_firmware

Vulnerable

h

mitsubishielectric

fx5s-80mt\/ess

-

References

https://jvn.jp/vu/JVNVU99673580/index.html

MitigationThird Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02

MitigationThird Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf

MitigationVendor Advisory

https://jvn.jp/vu/JVNVU99673580/index.html

MitigationThird Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02

MitigationThird Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf

MitigationVendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1646

Weaknesses

[email protected]

Secondary
CWE-337

[email protected]

Primary
CWE-335

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-20T07:15:11.373Z

3 years ago

Last modified

2024-11-21T06:21:09.770Z

1 year ago