Skip to main content

Mac 587If E Firmware CVE-2022-33322

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-11-08 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
XSS Mac 587If E Firmware Mac 587If2 E Firmware Mac 507If E Firmware Mac 588If E Firmware S Mac 002If Firmware Ma Ew85S E Firmware Ma Ew85S Uk Firmware Mfz Gxt50 60 73Vfk Firmware Mfz Xt50 60Vfk Firmware Msxy Fp05 07 10 13 18 20 24Vgk Sg1 Firmware Msy Gp10 13 15 18 20 24Vfk Sg1 Firmware Msz Ap15 20 25 35 42 50 60 71Vgk E2 Firmware Msz Ap15 20 25 35 42 50 60 71Vgk Er2 Firmware Msz Ap15 20 25 35 42 50 60 71Vgk Et2 Firmware Msz Ap22 25 35 42 50 60 71 80Vgkd A2 Firmware Msz Ap22 25 35 42 50 61 70 80Vgkd A1 Firmware Msz Ap25 35 42 50 60 71Vgk E3 Firmware Msz Ap25 35 42 50 60 71Vgk Er3 Firmware Msz Ap25 35 42 50 60 71Vgk Et3 Firmware Msz Ap25 35 42 50Vgk E1 Firmware Msz Ap25 35 42 50Vgk E7 Firmware Msz Ap25 35 42 50Vgk E8 Firmware Msz Ap25 35 42 50Vgk En1 Firmware Msz Ap25 35 42 50Vgk En2 Firmware Msz Ap25 35 42 50Vgk En3 Firmware Msz Ap25 35 42 50Vgk Er1 Firmware Msz Ap25 35 42 50Vgk Et1 Firmware Msz Ay25 35 42 50Vgk E1 Firmware Msz Ay25 35 42 50Vgk E6 Firmware Msz Ay25 35 42 50Vgk Er1 Firmware Msz Ay25 35 42 50Vgk Et1 Firmware Msz Ay25 35 42 50Vgk Sc1 Firmware Msz Ay25 35 42 50Vgkp E6 Firmware Msz Ay25 35 42 50Vgkp Er1 Firmware Msz Ay25 35 42 50Vgkp Et1 Firmware Msz Ay25 35 42 50Vgkp Sc1 Firmware Msz Bt20 25 35 50Vgk E1 Firmware Msz Bt20 25 35 50Vgk E2 Firmware Msz Bt20 25 35 50Vgk E3 Firmware Msz Bt20 25 35 50Vgk Er1 Firmware Msz Bt20 25 35 50Vgk Er2 Firmware Msz Bt20 25 35 50Vgk Et1 Firmware Msz Bt20 25 35 50Vgk Et2 Firmware Msz Bt20 25 35 50Vgk Et3 Firmware Msz Ef18 22 25 35 42 50Vgkb E1 Firmware Msz Ef18 22 25 35 42 50Vgkb E2 Firmware Msz Ef18 22 25 35 42 50Vgks E1 Firmware Msz Ef18 22 25 35 42 50Vgks E2 Firmware Msz Ef18 22 25 35 42 50Vgkw E1 Firmware Msz Ef18 22 25 35 42 50Vgkw E2 Firmware Msz Ef22 25 35 42 50Vgkb A1 Firmware Msz Ef22 25 35 42 50Vgkb Er1 Firmware Msz Ef22 25 35 42 50Vgkb Er2 Firmware Msz Ef22 25 35 42 50Vgkb Et1 Firmware Msz Ef22 25 35 42 50Vgkb Et2 Firmware Msz Ef22 25 35 42 50Vgks A1 Firmware Msz Ef22 25 35 42 50Vgks Er1 Firmware Msz Ef22 25 35 42 50Vgks Er2 Firmware Msz Ef22 25 35 42 50Vgks Et1 Firmware Msz Ef22 25 35 42 50Vgks Et2 Firmware Msz Ef22 25 35 42 50Vgkw A1 Firmware Msz Ef22 25 35 42 50Vgkw Er1 Firmware Msz Ef22 25 35 42 50Vgkw Er2 Firmware Msz Ef22 25 35 42 50Vgkw Et1 Firmware Msz Ef22 25 35 42 50Vgkw Et2 Firmware Msz Exa09 12Vak Firmware Msz Eza09 12Vak Firmware Msz Ft25 35 50Vgk E1 Firmware Msz Ft25 35 50Vgk E2 Firmware Msz Ft25 35 50Vgk Et1 Firmware Msz Ft25 35 50Vgk Sc1 Firmware Msz Ft25 35 50Vgk Sc2 Firmware Msz Gzy09 12 18Vfk Firmware Msz Hr25 35 42 50 60 71Vfk E1 Firmware Msz Hr25 35 42 50 60 71Vfk Er1 Firmware Msz Hr25 35 42 50 60 71Vfk Et1 Firmware Msz Hr25 35 42 50Vfk E6 Firmware Msz Ky09 12 18Vfk Firmware Msz Ln18 25 35 50 60Vg2B E2 Firmware Msz Ln18 25 35 50 60Vg2B E3 Firmware Msz Ln18 25 35 50 60Vg2R E2 Firmware Msz Ln18 25 35 50 60Vg2R E3 Firmware Msz Ln18 25 35 50 60Vg2V E2 Firmware Msz Ln18 25 35 50 60Vg2V E3 Firmware Msz Ln18 25 35 50 60Vg2W E2 Firmware Msz Ln18 25 35 50 60Vg2W E3 Firmware Msz Ln18 25 35 50 60Vg2W Er2 Firmware Msz Ln18 25 35 50 60Vg2W Et2 Firmware Msz Ln18 25 35 50Vg2W Sc1 Firmware Msz Ln25 35 50 60Vg2B A2 Firmware Msz Ln25 35 50 60Vg2B Er2 Firmware Msz Ln25 35 50 60Vg2B Er3 Firmware Msz Ln25 35 50 60Vg2B Et2 Firmware Msz Ln25 35 50 60Vg2B Et3 Firmware Msz Ln25 35 50 60Vg2R A2 Firmware Msz Ln25 35 50 60Vg2R Er2 Firmware Msz Ln25 35 50 60Vg2R Er3 Firmware Msz Ln25 35 50 60Vg2R Et2 Firmware Msz Ln25 35 50 60Vg2R Et3 Firmware Msz Ln25 35 50 60Vg2V A2 Firmware Msz Ln25 35 50 60Vg2V Er2 Firmware Msz Ln25 35 50 60Vg2V Er3 Firmware Msz Ln25 35 50 60Vg2V Et2 Firmware Msz Ln25 35 50 60Vg2V Et3 Firmware Msz Ln25 35 50 60Vg2W Er3 Firmware Msz Ln25 35 50 60Vg2W Et3 Firmware Msz Ln25 35 50Vg2B En2 Firmware Msz Ln25 35 50Vg2B Sc1 Firmware Msz Ln25 35 50Vg2R En2 Firmware Msz Ln25 35 50Vg2R Sc1 Firmware Msz Ln25 35 50Vg2V En2 Firmware Msz Ln25 35 50Vg2V Sc1 Firmware Msz Ln25 35 50Vg2W En2 Firmware Msz Rw25 35 50Vg E1 Firmware Msz Rw25 35 50Vg Er1 Firmware Msz Rw25 35 50Vg Et1 Firmware Msz Rw25 35 50Vg Sc1 Firmware Msz Wx18 20 25Vfk Firmware Msz Zy09 12 18Vfk Firmware
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 08, 2022 - 20:15 nvd
MEDIUM 6.1

DescriptionNVD

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

AnalysisAI

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. Affected products include: Mitsubishielectric Mac-587If-E Firmware, Mitsubishielectric Mac-587If2-E Firmware, Mitsubishielectric Mac-507If-E Firmware, Mitsubishielectric Mac-588If-E Firmware, Mitsubishielectric S-Mac-002If Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

Share

CVE-2022-33322 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy