Skip to main content

Mac 557If E Firmware CVE-2022-33321

CRITICAL
Cleartext Transmission of Sensitive Information (CWE-319)
2022-11-08 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Denial Of Service Mac 557If E Firmware Mac 557If E1 Firmware Pac Wf010 E Firmware Mac 566Ifb E Firmware Mac 576If E1 Firmware Mac 567Ifb E Firmware Mac 567Ifb2 E Firmware Mac 558If E Firmware Mac 558If E1 Firmware Mac 559If E Firmware Mac 559If E1 Firmware Mac 568If E Firmware Mac 568Ifb E Firmware Mac 568Ifb2 E Firmware Mac 568Ifb3 E Firmware Pac Whs01Wf E Firmware S Mac 702If F Firmware S Mac 702If Z Firmware S Mac 702If B Firmware S Mac 905If Firmware S Mac 906If Firmware Msz Ap60 71Vgk E1 Firmware Msz Ap60 71Vgk Er1 Firmware Msz Ap60 71Vgk Et1 Firmware Msz Ap25 35 42 50Vgk E6 Firmware Msz Ln18 25 35 50 60Vgw E1 Firmware Msz Ln18 25 35 50 60Vgv E1 Firmware Msz Ln18 25 35 50 60Vgb E1 Firmware Msz Ln18 25 35 50 60Vgr E1 Firmware Msz Ln25 35 50 60Vgw Er1 Firmware Msz Ln25 35 50 60Vgv Er1 Firmware Msz Ln25 35 50 60Vgb Er1 Firmware Msz Ln25 35 50 60Vgr Er1 Firmware Msz Ln18 25 35 50 60Vg2W E1 Firmware Msz Ln18 25 35 50 60Vg2V E1 Firmware Msz Ln18 25 35 50 60Vg2B E1 Firmware Msz Ln18 25 35 50 60Vg2R E1 Firmware Msz Ln18 25 35 50 60Vg2W Er1 Firmware Msz Ln25 35 50 60Vg2V Er1 Firmware Msz Ln25 35 50 60Vg2B Er1 Firmware Msz Ln25 35 50 60Vg2R Er1 Firmware Msz Ln18 25 35 50 60Vg2W Et1 Firmware Msz Ln18 25 35 50 60Vg2V Et1 Firmware Msz Ln18 25 35 50 60Vg2B Et1 Firmware Msz Ln18 25 35 50 60Vg2R Et1 Firmware Msz Ln18 25 35 50Vg2W En1 Firmware Msz Ln18 25 35 50Vg2V En1 Firmware Msz Ln18 25 35 50Vg2B En1 Firmware Msz Ln18 25 35 50Vg2R En1 Firmware Msz Ln25 35 50 60Vgv A1 Firmware Msz Ln25 35 50 60Vgb A1 Firmware Msz Ln25 35 50 60Vgr A1 Firmware Msz Ln25 35 50 60Vg2V A1 Firmware Msz Ln25 35 50 60Vg2B A1 Firmware Msz Ln25 35 50 60Vg2R A1 Firmware Msz Ft20 25Vfk Firmware Msz Fx20 25Vfk Firmware Msz Gzt09 12 18Vak Firmware Msz Zt09 12 18Vak Firmware Mac 587If E Firmware Mac 587If2 E Firmware Mac 507If E Firmware Mac 588If E Firmware S Mac 002If Firmware Ma Ew85S E Firmware Ma Ew85S Uk Firmware Msxy Fp05 07 10 13 18 20 24Vgk Sg1 Firmware Msy Gp10 13 15 18 20 24Vfk Sg1 Firmware Msz Ap25 35 42 50Vgk E1 Firmware Msz Ap15 20 25 35 42 50 60 71Vgk E2 Firmware Msz Ap25 35 42 50 60 71Vgk E3 Firmware Msz Ap25 35 42 50Vgk E7 Firmware Msz Ap25 35 42 50Vgk E8 Firmware Msz Ap25 35 42 50Vgk En1 Firmware Msz Ap25 35 42 50Vgk En2 Firmware Msz Ap25 35 42 50Vgk En3 Firmware Msz Ap25 35 42 50Vgk Er1 Firmware Msz Ap15 20 25 35 42 50 60 71Vgk Er2 Firmware Msz Ap25 35 42 50 60 71Vgk Er3 Firmware Msz Ap25 35 42 50Vgk Et1 Firmware Msz Ap15 20 25 35 42 50 60 71Vgk Et2 Firmware Msz Ap25 35 42 50 60 71Vgk Et3 Firmware Msz Ay25 35 42 50Vgk E1 Firmware Msz Ay25 35 42 50Vgk E6 Firmware Msz Ay25 35 42 50Vgk Er1 Firmware Msz Ay25 35 42 50Vgk Et1 Firmware Msz Ay25 35 42 50Vgk Sc1 Firmware Msz Ay25 35 42 50Vgkp E6 Firmware Msz Ay25 35 42 50Vgkp Er1 Firmware Msz Ay25 35 42 50Vgkp Et1 Firmware Msz Ay25 35 42 50Vgkp Sc1 Firmware Msz Bt20 25 35 50Vgk E1 Firmware Msz Bt20 25 35 50Vgk E2 Firmware Msz Bt20 25 35 50Vgk E3 Firmware Msz Bt20 25 35 50Vgk Er1 Firmware Msz Bt20 25 35 50Vgk Er2 Firmware Msz Bt20 25 35 50Vgk Et1 Firmware Msz Bt20 25 35 50Vgk Et2 Firmware Msz Bt20 25 35 50Vgk Et3 Firmware Msz Ef18 22 25 35 42 50Vgkw E1 Firmware Msz Ef18 22 25 35 42 50Vgkb E1 Firmware Msz Ef18 22 25 35 42 50Vgks E1 Firmware Msz Ef18 22 25 35 42 50Vgkw E2 Firmware Msz Ef18 22 25 35 42 50Vgkb E2 Firmware Msz Ef18 22 25 35 42 50Vgks E2 Firmware Msz Ef22 25 35 42 50Vgkw Er1 Firmware Msz Ef22 25 35 42 50Vgkb Er1 Firmware Msz Ef22 25 35 42 50Vgks Er1 Firmware Msz Ef22 25 35 42 50Vgkw Er2 Firmware Msz Ef22 25 35 42 50Vgkb Er2 Firmware Msz Ef22 25 35 42 50Vgks Er2 Firmware Msz Ef22 25 35 42 50Vgkw Et1 Firmware Msz Ef22 25 35 42 50Vgkb Et1 Firmware Msz Ef22 25 35 42 50Vgks Et1 Firmware Msz Ef22 25 35 42 50Vgkw Et2 Firmware Msz Ef22 25 35 42 50Vgkb Et2 Firmware Msz Ef22 25 35 42 50Vgks Et2 Firmware Msz Ft25 35 50Vgk E1 Firmware Msz Ft25 35 50Vgk E2 Firmware Msz Ft25 35 50Vgk Et1 Firmware Msz Ft25 35 50Vgk Sc1 Firmware Msz Ft25 35 50Vgk Sc2 Firmware Msz Hr25 35 42 50 60 71Vfk E1 Firmware Msz Hr25 35 42 50Vfk E6 Firmware Msz Hr25 35 42 50 60 71Vfk Er1 Firmware Msz Hr25 35 42 50 60 71Vfk Et1 Firmware Msz Ln18 25 35 50 60Vg2W E2 Firmware Msz Ln18 25 35 50 60Vg2W E3 Firmware Msz Ln25 35 50Vg2W En2 Firmware Msz Ln18 25 35 50 60Vg2W Er2 Firmware Msz Ln25 35 50 60Vg2W Er3 Firmware Msz Ln18 25 35 50 60Vg2W Et2 Firmware Msz Ln25 35 50 60Vg2W Et3 Firmware Msz Ln18 25 35 50 60Vg2V E2 Firmware Msz Ln18 25 35 50 60Vg2V E3 Firmware Msz Ln25 35 50Vg2V En2 Firmware Msz Ln25 35 50 60Vg2V Er2 Firmware Msz Ln25 35 50 60Vg2V Er3 Firmware Msz Ln25 35 50 60Vg2V Et2 Firmware Msz Ln25 35 50 60Vg2V Et3 Firmware Msz Ln18 25 35 50 60Vg2B E2 Firmware Msz Ln18 25 35 50 60Vg2B E3 Firmware Msz Ln25 35 50Vg2B En2 Firmware Msz Ln25 35 50 60Vg2B Er2 Firmware Msz Ln25 35 50 60Vg2B Er3 Firmware Msz Ln25 35 50 60Vg2B Et2 Firmware Msz Ln25 35 50 60Vg2B Et3 Firmware Msz Ln18 25 35 50 60Vg2R E2 Firmware Msz Ln18 25 35 50 60Vg2R E3 Firmware Msz Ln25 35 50Vg2R En2 Firmware Msz Ln25 35 50 60Vg2R Er2 Firmware Msz Ln25 35 50 60Vg2R Er3 Firmware Msz Ln25 35 50 60Vg2R Et2 Firmware Msz Ln25 35 50 60Vg2R Et3 Firmware Msz Ln18 25 35 50Vg2W Sc1 Firmware Msz Ln25 35 50Vg2V Sc1 Firmware Msz Ln25 35 50Vg2B Sc1 Firmware Msz Ln25 35 50Vg2R Sc1 Firmware Msz Rw25 35 50Vg E1 Firmware Msz Rw25 35 50Vg Er1 Firmware Msz Rw25 35 50Vg Et1 Firmware Msz Rw25 35 50Vg Sc1 Firmware Msz Ap22 25 35 42 50 61 70 80Vgkd A1 Firmware Msz Ap22 25 35 42 50 60 71 80Vgkd A2 Firmware Msz Ef22 25 35 42 50Vgkw A1 Firmware Msz Ef22 25 35 42 50Vgkb A1 Firmware Msz Ef22 25 35 42 50Vgks A1 Firmware Msz Ln25 35 50 60Vg2V A2 Firmware Msz Ln25 35 50 60Vg2B A2 Firmware Msz Ln25 35 50 60Vg2R A2 Firmware Mfz Gxt50 60 73Vfk Firmware Mfz Xt50 60Vfk Firmware Msz Eza09 12Vak Firmware Msz Exa09 12Vak Firmware Msz Gzy09 12 18Vfk Firmware Msz Ky09 12 18Vfk Firmware Msz Wx18 20 25Vfk Firmware Msz Zy09 12 18Vfk Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 08, 2022 - 20:15 nvd
CRITICAL 9.8

DescriptionNVD

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

AnalysisAI

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-319. Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. Affected products include: Mitsubishielectric Mac-557If-E Firmware, Mitsubishielectric Mac-557If-E1 Firmware, Mitsubishielectric Pac-Wf010-E Firmware, Mitsubishielectric Mac-566Ifb-E Firmware, Mitsubishielectric Mac-576If-E1 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-33321 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy