1. Home
  2. CVE Database
  3. CVE-2022-25158
CRITICAL · 9.1

CVE-2022-25158

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi E...

Vulnerability Description

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
MitsubishielectricFx5Uc Firmware-
MitsubishielectricFx5Uc-
MitsubishielectricFx5Uc-32Mr\/Ds-Ts Firmware-
MitsubishielectricFx5Uc-32Mr\/Ds-Ts-
MitsubishielectricFx5Uc-32Mt\/D Firmware-
MitsubishielectricFx5Uc-32Mt\/D-
MitsubishielectricFx5Uc-32Mt\/Dss Firmware-
MitsubishielectricFx5Uc-32Mt\/Dss-
MitsubishielectricFx5Uj-24Mr\/Es Firmware-
MitsubishielectricFx5Uj-24Mr\/Es-
MitsubishielectricFx5Uj-24Mt\/Es Firmware-
MitsubishielectricFx5Uj-24Mt\/Es-
MitsubishielectricFx5Uj-24Mt\/Ess Firmware-
MitsubishielectricFx5Uj-24Mt\/Ess-
MitsubishielectricFx5Uj-40Mr\/Es Firmware-
MitsubishielectricFx5Uj-40Mr\/Es-
MitsubishielectricFx5Uj-40Mt\/Es Firmware-
MitsubishielectricFx5Uj-40Mt\/Es-
MitsubishielectricFx5Uj-40Mt\/Ess Firmware-
MitsubishielectricFx5Uj-40Mt\/Ess-

Related Weaknesses (CWE)

CWE-312

References

FAQ

What is CVE-2022-25158?

CVE-2022-25158 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi E...

How severe is CVE-2022-25158?

CVE-2022-25158 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-25158?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Fx5Uc Firmware, Mitsubishielectric Fx5Uc, Mitsubishielectric Fx5Uc-32Mr\/Ds-Ts Firmware, Mitsubishielectric Fx5Uc-32Mr\/Ds-Ts, Mitsubishielectric Fx5Uc-32Mt\/D Firmware.