Vulnerability Description
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Fx5U-80Mt\/Ess Firmware | - |
| Mitsubishielectric | Fx5U-80Mt\/Ess | - |
| Mitsubishielectric | Fx5U-32Mt\/Dss Firmware | - |
| Mitsubishielectric | Fx5U-32Mt\/Dss | - |
| Mitsubishielectric | Fx5U-64Mt\/Dss Firmware | - |
| Mitsubishielectric | Fx5U-64Mt\/Dss | - |
| Mitsubishielectric | Fx5U-80Mt\/Dss Firmware | - |
| Mitsubishielectric | Fx5U-80Mt\/Dss | - |
| Mitsubishielectric | Fx5Uc-32Mt\/D Firmware | - |
| Mitsubishielectric | Fx5Uc-32Mt\/D | - |
| Mitsubishielectric | Fx5Uc-64Mt\/D Firmware | - |
| Mitsubishielectric | Fx5Uc-64Mt\/D | - |
| Mitsubishielectric | Fx5Uc-96Mt\/D Firmware | - |
| Mitsubishielectric | Fx5Uc-96Mt\/D | - |
| Mitsubishielectric | Fx5Uc-32Mt\/Dss Firmware | - |
| Mitsubishielectric | Fx5Uc-32Mt\/Dss | - |
| Mitsubishielectric | Fx5Uc-64Mt\/Dss Firmware | - |
| Mitsubishielectric | Fx5Uc-64Mt\/Dss | - |
| Mitsubishielectric | Fx5Uc-96Mt\/Dss Firmware | - |
| Mitsubishielectric | Fx5Uc-96Mt\/Dss | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU99673580/index.htmlMitigationThird Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02MitigationThird Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdfMitigationVendor Advisory
- https://jvn.jp/vu/JVNVU99673580/index.htmlMitigationThird Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02MitigationThird Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdfMitigationVendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1646
FAQ
What is CVE-2022-40267?
CVE-2022-40267 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X****...
How severe is CVE-2022-40267?
CVE-2022-40267 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40267?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Fx5U-80Mt\/Ess Firmware, Mitsubishielectric Fx5U-80Mt\/Ess, Mitsubishielectric Fx5U-32Mt\/Dss Firmware, Mitsubishielectric Fx5U-32Mt\/Dss, Mitsubishielectric Fx5U-64Mt\/Dss Firmware.