CVE-2022-24296

{"id": "CVE-2022-24296", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-06-08T15:15:07.927", "references": [{"url": "https://jvn.jp/vu/JVNVU95298925/index.html", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf", "tags": ["Vendor Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."}, {"lang": "es", "value": "Uso de una vulnerabilidad de Algoritmo Criptogr\u00e1fico Roto o Arriesgado en el Sistema de aire Acondicionado G-150AD Versiones 3.21 y anteriores, el Sistema de aire Acondicionado AG-150A-A Versiones 3.21 y anteriores, el Sistema de aire Acondicionado AG-150A-J Versiones 3.21 y anteriores, el Sistema de aire Acondicionado GB-50AD Versiones 3.21 y anteriores, el Sistema de aire Acondicionado GB-50ADA-A Versiones 3. 21 y anteriores, Sistema de aire Acondicionado GB-50ADA-J Versiones 3.21 y anteriores, Sistema de aire Acondicionado EB-50GU-A Versiones 7.10 y anteriores, Sistema de aire Acondicionado EB-50GU-J Versiones 7.10 y anteriores, Sistema de aire Acondicionado AE-200J Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-200A Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-200E Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50J Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50A Versiones 7.97 y anteriores, Sistema de aire Acondicionado AE-50E Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50J Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50A Versiones 7.97 y anteriores, Sistema de aire Acondicionado EW-50E Versiones 7. 97 y anteriores, Sistema de aire Acondicionado TE-200A Versiones 7.97 y anteriores, Sistema de aire Acondicionado TE-50A Versiones 7.97 y anteriores y Sistema de aire Acondicionado TW-50A Versiones 7.97 y anteriores permite a un atacante remoto no autenticado causar una divulgaci\u00f3n de mensajes encriptados de los sistemas de aire acondicionado al olfatear las comunicaciones encriptadas"}], "lastModified": "2022-06-17T15:36:06.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87DDE988-65E5-4E9B-B31B-E07423E46FBC", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "208B2720-7090-41FB-99EF-20D4BBF07685"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEB9AF8C-8A6E-4D54-929F-EFE3B91F9847", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "222E1D60-FB10-477A-A21E-EAC902CCC1EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-200j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "876307F0-F041-4701-9C9F-862EAECBB1E3", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-200j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E8886362-D208-4431-B7C3-CCB3C4819EED"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E2B798B-960F-466C-BA50-FA5362032820", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3BC7EF0E-9DC4-4126-BA84-990FDE5EC5EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DF02607-33C7-4722-B15D-D7B32CDF3644", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E2F0B95-8905-4CBD-A50D-DD11C3B1639E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-50j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA6662F5-6280-46AF-9A2C-6BE7039A54D3", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-50j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B167F919-5471-49B0-825B-1D5242B0F0CD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4049B5F1-E6E9-4486-ABC3-1494468CF4D7", "versionEndIncluding": "3.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E37278D-F466-4D02-A3D2-C784D579156B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A86C7B0B-E585-4CFC-BCBA-62F3ED93F7B7", "versionEndIncluding": "3.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A95212E0-241E-4AD9-97A4-1F75DF382115"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8818A82-BCD1-463D-9FE7-E2BA3079EB19", "versionEndIncluding": "7.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4BC98F5E-1FE9-4C5D-80B5-E90852A9BE0C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55B3897D-F378-4CCF-8310-10749F80FE53", "versionEndIncluding": "7.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4575CA5F-5B1F-46AF-BD08-7A6C37E7D2F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16FC42A3-F3A8-416B-8332-E832776986D5", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A55E519-0E2B-4809-9453-3D240949AF25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA0F2AA5-D52C-4EED-8030-2D23655A56E4", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36D3BD0B-F2C0-4DD7-9EC7-A0ADD2001833"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ew-50j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E99EF75-71FA-40A2-8D03-4ABB07EFD892", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ew-50j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93A0F1B1-919D-4024-A0FA-D8A4B406F346"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:g-150ad_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D90371C-736F-4964-980B-FC6319ECC638", "versionEndIncluding": "3.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:g-150ad:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E5006DE-989A-4BEC-9255-64CBBB7A7474"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D8CD810-00FE-4008-A8C4-66D9A89C72A5", "versionEndIncluding": "3.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF1DA319-3B4E-4255-8B09-D4CA82F4CEDD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0EAF2CA-C57F-4BD7-A325-EE9B4BD0889D", "versionEndIncluding": "3.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F3A0876-AAC8-48B2-9081-F0989CBCF3C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96770815-BB9C-439E-8E9D-373EEA423981", "versionEndIncluding": "3.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "006B9E46-F48B-483B-A909-35A7E5A5A76B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "515703FF-B799-4F47-A813-13CA1D02F45C", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15CCCC0A-AFBE-4C9B-A92C-8E0C5CF2A055"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C8DB00-1741-45AE-A411-227A60538F89", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C556A4B8-4351-43AD-9E85-D8736D3799E7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "876361EA-E1E0-42C6-8AA9-C1824909F52A", "versionEndIncluding": "7.97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2625668C-2AB6-4610-A609-D2B299EA9B53"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}