CVE-2022-23128 — CRITICAL (9.8)

Q: How severe is CVE-2022-23128?

CVE-2022-23128 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-23128?

Check the references section above for vendor advisories and patch information. Affected products include: Iconics Analytix, Iconics Genesis64, Iconics Hyper Historian, Iconics Mobilehmi, Mitsubishielectric Mc Works64.

Vulnerability Description

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Iconics	Analytix	>= 10.95.3, <= 10.97
Iconics	Genesis64	>= 10.95.3, <= 10.97
Iconics	Hyper Historian	>= 10.95.3, <= 10.97
Iconics	Mobilehmi	>= 10.95.3, <= 10.97
Mitsubishielectric	Mc Works64	>= 10.95.201.23, <= 10.95.210.01

References

https://jvn.jp/vu/JVNVU95403720/index.htmlMitigationThird Party AdvisoryVDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01MitigationThird Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdfMitigationVendor Advisory
https://jvn.jp/vu/JVNVU95403720/index.htmlMitigationThird Party AdvisoryVDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01MitigationThird Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdfMitigationVendor Advisory

FAQ

What is CVE-2022-23128?

CVE-2022-23128 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper H...

How severe is CVE-2022-23128?

CVE-2022-23128 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-23128?

Check the references section above for vendor advisories and patch information. Affected products include: Iconics Analytix, Iconics Genesis64, Iconics Hyper Historian, Iconics Mobilehmi, Mitsubishielectric Mc Works64.