Vulnerability Description
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause disclosure of encrypted messages of the air conditioning systems by sniffing encrypted communications.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishi | AE-200A Firmware | <= 7.97 |
| Mitsubishi | AE-200A | - |
| Mitsubishi | AE-200E Firmware | <= 7.97 |
| Mitsubishi | AE-200E | - |
| Mitsubishi | AE-200J Firmware | <= 7.97 |
| Mitsubishi | AE-200J | - |
| Mitsubishi | AE-50A Firmware | <= 7.97 |
| Mitsubishi | AE-50A | - |
| Mitsubishi | AE-50E Firmware | <= 7.97 |
| Mitsubishi | AE-50E | - |
| Mitsubishi | AE-50J Firmware | <= 7.97 |
| Mitsubishi | AE-50J | - |
| Mitsubishi | AG-150A-A Firmware | <= 3.21 |
| Mitsubishi | AG-150A-A | - |
| Mitsubishi | AG-150A-J Firmware | <= 3.21 |
| Mitsubishi | AG-150A-J | - |
| Mitsubishi | EB-50GU-A Firmware | <= 7.10 |
| Mitsubishi | EB-50GU-A | - |
| Mitsubishi | EB-50GU-J Firmware | <= 7.10 |
| Mitsubishi | EB-50GU-J | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU95298925/index.html (Third Party Advisory)
- https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf (Third Party Advisory)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf (Vendor Advisory)
FAQ
What is CVE-2022-24296?
CVE-2022-24296 is a vulnerability with a CVSS score of 7.5 (HIGH). Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG...
How severe is CVE-2022-24296?
CVE-2022-24296 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-24296?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Ae-200A Firmware, Mitsubishi Ae-200A, Mitsubishi Ae-200E Firmware, Mitsubishi Ae-200E, Mitsubishi Ae-200J Firmware.