MR-GM5L-S1, MR-GM5A-L1 CVE-2026-20892
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
AnalysisAI
Code injection in MitsubishiChemical network devices MR-GM5L-S1 and MR-GM5A-L1 allows authenticated administrators to execute arbitrary commands via crafted inputs. While requiring high-privilege access (CVSS:4.0 PR:H), successful exploitation achieves complete system compromise with high confidentiality, integrity, and availability impact. EPSS score of 0.05% (16th percentile) indicates low probability of mass exploitation. No active exploitation or public proof-of-concept identified at time of analysis, though JPCERT/CC coordination suggests vendor awareness and patch availability.
Technical ContextAI
This is a CWE-94 code injection vulnerability affecting Mitsubishi Chemical's MR-GM5L-S1 and MR-GM5A-L1 network devices, likely industrial automation or building management equipment based on the vendor profile. Code injection occurs when user-supplied input is improperly validated before being passed to an interpreter or execution context. In administrative interfaces, this commonly manifests in command-line utilities, configuration parsers, script execution features, or system management functions where input sanitization is inadequate. The CVSS:4.0 vector indicates network-accessible exploitation (AV:N) with low attack complexity (AC:L) but requires high privileges (PR:H), suggesting the vulnerability exists in authenticated administrative functionality rather than guest-accessible interfaces. The attack does not require special timing conditions (AT:N) or user interaction (UI:N), and scope remains unchanged (SC:N/SI:N/SA:N), meaning exploitation is confined to the vulnerable component's security context.
Affected ProductsAI
Mitsubishi Chemical network devices MR-GM5L-S1 and MR-GM5A-L1 are confirmed affected. The vendor advisory from Mitsubishi Chemical (https://www.mrl.co.jp/download/security/JVNVU98103854.pdf) and JPCERT/CC coordination notice (https://jvn.jp/en/vu/JVNVU98103854/) provide official confirmation. Specific firmware versions are not detailed in the NVD record, suggesting all currently deployed versions may be vulnerable pending vendor clarification. Organizations should consult the Japanese-language vendor security bulletin for complete version enumeration and affected product configurations.
RemediationAI
Apply vendor-supplied security updates from Mitsubishi Chemical's official security advisory at https://www.mrl.co.jp/download/security/JVNVU98103854.pdf. The coordination through JPCERT/CC (https://jvn.jp/en/vu/JVNVU98103854/) indicates patches or mitigations have been developed. Until patching is complete, implement compensating controls: restrict administrative interface access to dedicated management VLANs or jump hosts with multi-factor authentication; enforce principle of least privilege by creating role-based access controls rather than sharing full administrative credentials; enable comprehensive logging of all administrative actions for forensic detection; deploy network segmentation to isolate these devices from untrusted networks; implement IP whitelisting for administrative access if remote management is required. Note that access restrictions may complicate legitimate remote troubleshooting and require coordination with operational teams. Monitor vendor communications for firmware update notifications and test patches in non-production environments before deployment to critical systems.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today