Vulnerability Description
Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Rh-12Sdh55 Firmware | - |
| Mitsubishielectric | Rh-12Sdh55 | - |
| Mitsubishielectric | Rh-12Sdh70 Firmware | - |
| Mitsubishielectric | Rh-12Sdh70 | - |
| Mitsubishielectric | Rh-12Sdh85 Firmware | - |
| Mitsubishielectric | Rh-12Sdh85 | - |
| Mitsubishielectric | Rh-12Sqh55 Firmware | - |
| Mitsubishielectric | Rh-12Sqh55 | - |
| Mitsubishielectric | Rh-12Sqh70 Firmware | - |
| Mitsubishielectric | Rh-12Sqh70 | - |
| Mitsubishielectric | Rh-12Sqh85 Firmware | - |
| Mitsubishielectric | Rh-12Sqh85 | - |
| Mitsubishielectric | Rh-20Sdh100 Firmware | - |
| Mitsubishielectric | Rh-20Sdh100 | - |
| Mitsubishielectric | Rh-20Sdh85 Firmware | - |
| Mitsubishielectric | Rh-20Sdh85 | - |
| Mitsubishielectric | Rh-20Sqh85 Firmware | - |
| Mitsubishielectric | Rh-20Sqh85 | - |
| Mitsubishielectric | Rh-3Sdhr Firmware | - |
| Mitsubishielectric | Rh-3Sdhr | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU94588481/index.htmlThird Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-05Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-020_en.pdfVendor Advisory
- https://jvn.jp/vu/JVNVU94588481/index.htmlThird Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-05Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-020_en.pdfVendor Advisory
FAQ
What is CVE-2022-33323?
CVE-2022-33323 is a vulnerability with a CVSS score of 7.5 (HIGH). Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthori...
How severe is CVE-2022-33323?
CVE-2022-33323 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-33323?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Rh-12Sdh55 Firmware, Mitsubishielectric Rh-12Sdh55, Mitsubishielectric Rh-12Sdh70 Firmware, Mitsubishielectric Rh-12Sdh70, Mitsubishielectric Rh-12Sdh85 Firmware.