CVE-2022-24296

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MitsubishiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
mitsubishiae-200a_firmware
𝑥
≤ 7.97
mitsubishiae-200e_firmware
𝑥
≤ 7.97
mitsubishiae-200j_firmware
𝑥
≤ 7.97
mitsubishiae-50a_firmware
𝑥
≤ 7.97
mitsubishiae-50e_firmware
𝑥
≤ 7.97
mitsubishiae-50j_firmware
𝑥
≤ 7.97
mitsubishiag-150a-a_firmware
𝑥
≤ 3.21
mitsubishiag-150a-j_firmware
𝑥
≤ 3.21
mitsubishieb-50gu-a_firmware
𝑥
≤ 7.10
mitsubishieb-50gu-j_firmware
𝑥
≤ 7.10
mitsubishiew-50a_firmware
𝑥
≤ 7.97
mitsubishiew-50e_firmware
𝑥
≤ 7.97
mitsubishiew-50j_firmware
𝑥
≤ 7.97
mitsubishig-150ad_firmware
𝑥
≤ 3.21
mitsubishigb-50a_firmware
𝑥
≤ 3.21
mitsubishigb-50ada-a_firmware
𝑥
≤ 3.21
mitsubishigb-50ada-j_firmware
𝑥
≤ 3.21
mitsubishite-200a_firmware
𝑥
≤ 7.97
mitsubishite-50a_firmware
𝑥
≤ 7.97
mitsubishitw-50a_firmware
𝑥
≤ 7.97
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/vu/JVNVU95298925/index.html
https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf
https://jvn.jp/vu/JVNVU95298925/index.html
https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf