What is the severity of CVE-2016-8370?

CVE-2016-8370 is rated as a medium severity vulnerability due to the transmission of weakly encrypted passwords.

What is the impact of CVE-2016-8370?

The impact of CVE-2016-8370 is that attackers could potentially intercept and decipher weakly encrypted passwords, leading to unauthorized access.

Is there a workaround for CVE-2016-8370?

Currently, the recommended workaround for CVE-2016-8370 is to disable remote access to the affected modules when possible until the firmware is updated.

Vulnerability/
CVE-2016-8370

high

7.5

CWE

327 326

13/2/2017

20/4/2025

CVE-2016-8370: Weak Encryption

First published: Mon Feb 13 2017(Updated: )

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Mitsubishi Electric QJ71E71-100 Firmware
Mitsubishi Electric QJ71E71-100 Firmware
Mitsubishi Electric QJ71E71-B5
Mitsubishi Electric QJ71E71-B5
Mitsubishi Electric QJ71E71-B2 Firmware
Mitsubishi Electric QJ71E71-B2 Firmware
All of
Mitsubishi Electric QJ71E71-100 Firmware
Mitsubishi Electric QJ71E71-100 Firmware
All of
Mitsubishi Electric QJ71E71-B5
Mitsubishi Electric QJ71E71-B5
All of
Mitsubishi Electric QJ71E71-B2 Firmware
Mitsubishi Electric QJ71E71-B2 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-8370?
CVE-2016-8370 is rated as a medium severity vulnerability due to the transmission of weakly encrypted passwords.
How do I fix CVE-2016-8370?
To mitigate CVE-2016-8370, update the firmware of the affected Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules to the latest version that addresses the issue.
What devices are affected by CVE-2016-8370?
CVE-2016-8370 affects the Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, QJ71E71-B5, and QJ71E71-B2.
What is the impact of CVE-2016-8370?
The impact of CVE-2016-8370 is that attackers could potentially intercept and decipher weakly encrypted passwords, leading to unauthorized access.
Is there a workaround for CVE-2016-8370?
Currently, the recommended workaround for CVE-2016-8370 is to disable remote access to the affected modules when possible until the firmware is updated.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/mitsubishielectric
canonical/mitsubishi electric qj71e71-100 firmware
canonical/mitsubishi electric qj71e71-b5
canonical/mitsubishi electric qj71e71-b2 firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.