CVE-2022-33322 — MEDIUM (6.1)

Q: How severe is CVE-2022-33322?

CVE-2022-33322 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-33322?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Mac-587If-E Firmware, Mitsubishielectric Mac-587If-E, Mitsubishielectric Mac-587If2-E Firmware, Mitsubishielectric Mac-587If2-E, Mitsubishielectric Mac-507If-E Firmware.

Vulnerability Description

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Mac-587If-E Firmware	<= 35.00
Mitsubishielectric	Mac-587If-E	-
Mitsubishielectric	Mac-587If2-E Firmware	<= 35.00
Mitsubishielectric	Mac-587If2-E	-
Mitsubishielectric	Mac-507If-E Firmware	<= 35.00
Mitsubishielectric	Mac-507If-E	-
Mitsubishielectric	Mac-588If-E Firmware	<= 35.00
Mitsubishielectric	Mac-588If-E	-
Mitsubishielectric	S-Mac-002If Firmware	<= 35.00
Mitsubishielectric	S-Mac-002If	-
Mitsubishielectric	Ma-Ew85S-E Firmware	<= 80.00
Mitsubishielectric	Ma-Ew85S-E	-
Mitsubishielectric	Ma-Ew85S-Uk Firmware	<= 80.00
Mitsubishielectric	Ma-Ew85S-Uk	-
Mitsubishielectric	Mfz-Gxt50\/60\/73Vfk Firmware	<= 35.00
Mitsubishielectric	Mfz-Gxt50\/60\/73Vfk	-
Mitsubishielectric	Mfz-Xt50\/60Vfk Firmware	<= 35.00
Mitsubishielectric	Mfz-Xt50\/60Vfk	-
Mitsubishielectric	Msxy-Fp05\/07\/10\/13\/18\/20\/24Vgk-Sg1 Firmware	<= 35.00
Mitsubishielectric	Msxy-Fp05\/07\/10\/13\/18\/20\/24Vgk-Sg1	-

Related Weaknesses (CWE)

CWE-79

References

https://jvn.jp/vu/JVNVU96767562/index.htmlThird Party AdvisoryVDB Entry
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdfMitigationVendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdfMitigationVendor Advisory
https://jvn.jp/vu/JVNVU96767562/index.htmlThird Party AdvisoryVDB Entry
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdfMitigationVendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdfMitigationVendor Advisory

FAQ

What is CVE-2022-33322?

CVE-2022-33322 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM TH...

How severe is CVE-2022-33322?

CVE-2022-33322 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-33322?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Mac-587If-E Firmware, Mitsubishielectric Mac-587If-E, Mitsubishielectric Mac-587If2-E Firmware, Mitsubishielectric Mac-587If2-E, Mitsubishielectric Mac-507If-E Firmware.