CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password).
The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability.
As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MitsubishiCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
mitsubishielectricmac-557if-e_firmware
*
mitsubishielectricmac-557if-e1_firmware
*
mitsubishielectricpac-wf010-e_firmware
*
mitsubishielectricmac-566ifb-e_firmware
*
mitsubishielectricmac-576if-e1_firmware
*
mitsubishielectricmac-567ifb-e_firmware
*
mitsubishielectricmac-567ifb2-e_firmware
*
mitsubishielectricmac-558if-e_firmware
*
mitsubishielectricmac-558if-e1_firmware
*
mitsubishielectricmac-559if-e_firmware
*
mitsubishielectricmac-559if-e1_firmware
*
mitsubishielectricmac-568if-e_firmware
*
mitsubishielectricmac-568ifb-e_firmware
*
mitsubishielectricmac-568ifb2-e_firmware
*
mitsubishielectricmac-568ifb3-e_firmware
*
mitsubishielectricpac-whs01wf-e_firmware
*
mitsubishielectrics-mac-702if-f_firmware
*
mitsubishielectrics-mac-702if-z_firmware
*
mitsubishielectrics-mac-702if-b_firmware
*
mitsubishielectrics-mac-905if_firmware
*
mitsubishielectrics-mac-906if_firmware
*
mitsubishielectricmsz-ap60\/71vgk-e1_firmware
*
mitsubishielectricmsz-ap60\/71vgk-er1_firmware
*
mitsubishielectricmsz-ap60\/71vgk-et1_firmware
*
mitsubishielectricmsz-ap25\/35\/42\/50vgk-e6_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vgw-e1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vgv-e1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vgb-e1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vgr-e1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vgw-er1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vgv-er1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vgb-er1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vgr-er1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2w-e1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2v-e1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2b-e1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2r-e1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2w-er1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vg2v-er1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vg2b-er1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vg2r-er1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2w-et1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2v-et1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2b-et1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2r-et1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50vg2w-en1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50vg2v-en1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50vg2b-en1_firmware
*
mitsubishielectricmsz-ln18\/25\/35\/50vg2r-en1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vgv-a1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vgb-a1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vgr-a1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vg2v-a1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vg2b-a1_firmware
*
mitsubishielectricmsz-ln25\/35\/50\/60vg2r-a1_firmware
*
mitsubishielectricmsz-ft20\/25vfk_firmware
*
mitsubishielectricmsz-fx20\/25vfk_firmware
*
mitsubishielectricmsz-gzt09\/12\/18vak_firmware
*
mitsubishielectricmsz-zt09\/12\/18vak_firmware
*
mitsubishielectricmac-587if-e_firmware
𝑥
≤ 35.00
mitsubishielectricmac-587if2-e_firmware
𝑥
≤ 35.00
mitsubishielectricmac-507if-e_firmware
𝑥
≤ 35.00
mitsubishielectricmac-588if-e_firmware
𝑥
≤ 35.00
mitsubishielectrics-mac-002if_firmware
𝑥
≤ 35.00
mitsubishielectricma-ew85s-e_firmware
𝑥
≤ 80.00
mitsubishielectricma-ew85s-uk_firmware
𝑥
≤ 80.00
mitsubishielectricmsxy-fp05\/07\/10\/13\/18\/20\/24vgk-sg1_firmware
𝑥
≤ 35.00
mitsubishielectricmsy-gp10\/13\/15\/18\/20\/24vfk-sg1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap15\/20\/25\/35\/42\/50\/60\/71vgk-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50\/60\/71vgk-e3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-e7_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-e8_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-en1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-en2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-en3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap15\/20\/25\/35\/42\/50\/60\/71vgk-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50\/60\/71vgk-er3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50vgk-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap15\/20\/25\/35\/42\/50\/60\/71vgk-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap25\/35\/42\/50\/60\/71vgk-et3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgk-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgk-e6_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgk-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgk-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgk-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgkp-e6_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgkp-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgkp-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ay25\/35\/42\/50vgkp-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-e3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-bt20\/25\/35\/50vgk-et3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef18\/22\/25\/35\/42\/50vgkw-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef18\/22\/25\/35\/42\/50vgkb-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef18\/22\/25\/35\/42\/50vgks-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef18\/22\/25\/35\/42\/50vgkw-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef18\/22\/25\/35\/42\/50vgkb-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef18\/22\/25\/35\/42\/50vgks-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkw-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkb-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgks-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkw-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkb-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgks-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkw-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkb-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgks-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkw-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkb-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgks-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ft25\/35\/50vgk-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ft25\/35\/50vgk-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ft25\/35\/50vgk-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ft25\/35\/50vgk-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ft25\/35\/50vgk-sc2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-hr25\/35\/42\/50\/60\/71vfk-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-hr25\/35\/42\/50vfk-e6_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-hr25\/35\/42\/50\/60\/71vfk-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-hr25\/35\/42\/50\/60\/71vfk-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2w-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2w-e3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50vg2w-en2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2w-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2w-er3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2w-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2w-et3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2v-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2v-e3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50vg2v-en2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2v-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2v-er3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2v-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2v-et3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2b-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2b-e3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50vg2b-en2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2b-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2b-er3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2b-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2b-et3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2r-e2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50\/60vg2r-e3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50vg2r-en2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2r-er2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2r-er3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2r-et2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2r-et3_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln18\/25\/35\/50vg2w-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50vg2v-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50vg2b-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50vg2r-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-rw25\/35\/50vg-e1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-rw25\/35\/50vg-er1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-rw25\/35\/50vg-et1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-rw25\/35\/50vg-sc1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap22\/25\/35\/42\/50\/61\/70\/80vgkd-a1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ap22\/25\/35\/42\/50\/60\/71\/80vgkd-a2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkw-a1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgkb-a1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ef22\/25\/35\/42\/50vgks-a1_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2v-a2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2b-a2_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ln25\/35\/50\/60vg2r-a2_firmware
𝑥
≤ 35.00
mitsubishielectricmfz-gxt50\/60\/73vfk_firmware
𝑥
≤ 35.00
mitsubishielectricmfz-xt50\/60vfk_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-eza09\/12vak_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-exa09\/12vak_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-gzy09\/12\/18vfk_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-ky09\/12\/18vfk_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-wx18\/20\/25vfk_firmware
𝑥
≤ 35.00
mitsubishielectricmsz-zy09\/12\/18vfk_firmware
𝑥
≤ 35.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/vu/JVNVU96767562/index.html
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-010.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-010_en.pdf
https://jvn.jp/vu/JVNVU96767562/index.html
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-010.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-010_en.pdf