CVE-2022-40269

02.02.2023, 08:15

Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Mitsubishi	CNA	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Vendor	Product	Version
mitsubishielectric	gt_softgot2000	1.265b ≤ 𝑥 < 1.290c
mitsubishielectric	gt27_firmware	01.14.000 ≤ 𝑥 < 01.48.000
mitsubishielectric	gt25_firmware	01.14.000 ≤ 𝑥 < 01.48.000

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

https://jvn.jp/vu/JVNVU91222434/index.html

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-021_en.pdf

https://jvn.jp/vu/JVNVU91222434/index.html

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-021_en.pdf