CVE-2022-33323 Vulnerability Details

  /     /     /  

CVE-2022-33323 Metadata Quick Info

CVE Published: 02/02/2023 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Mitsubishi | Vendor: Mitsubishi Electric Corporation | Product: MELFA SD/SQ Series Controller CR1DA-771 of RV-2SD
Status : PUBLISHED

---

CVE-2022-33323 Description

Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric\'s advisory which is listed in [References] section.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-489
CWE Name: CWE-489 Active Debug Code
Source: Mitsubishi Electric Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: Authentication Bypass


Source: NVD (National Vulnerability Database).