high
7.5
CWE
327
Advisory Published
Updated

CVE-2022-24296

First published: Wed Jun 08 2022(Updated: )

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected SoftwareAffected VersionHow to fix
Mitsubishi Ae-200a Firmware<=7.97
Mitsubishi Ae-200a
Mitsubishi Ae-200e Firmware<=7.97
Mitsubishi Ae-200e
Mitsubishi Ae-200j Firmware<=7.97
Mitsubishi Ae-200j
Mitsubishi Ae-50a Firmware<=7.97
Mitsubishi Ae-50a
Mitsubishi Ae-50e Firmware<=7.97
Mitsubishi Ae-50e
Mitsubishi Ae-50j Firmware<=7.97
Mitsubishi Ae-50j
Mitsubishi Ag-150a-a Firmware<=3.21
Mitsubishi Ag-150a-a
Mitsubishi Ag-150a-j Firmware<=3.21
Mitsubishi Ag-150a-j
Mitsubishi Eb-50gu-a Firmware<=7.10
Mitsubishi Eb-50gu-a
Mitsubishi Eb-50gu-j Firmware<=7.10
Mitsubishi Eb-50gu-j
Mitsubishi Ew-50a Firmware<=7.97
Mitsubishi Ew-50a
Mitsubishi Ew-50e Firmware<=7.97
Mitsubishi Ew-50e
Mitsubishi Ew-50j Firmware<=7.97
Mitsubishi Ew-50j
Mitsubishi G-150ad Firmware<=3.21
Mitsubishi G-150ad
Mitsubishi Gb-50a Firmware<=3.21
Mitsubishi Gb-50a
Mitsubishi Gb-50ada-a Firmware<=3.21
Mitsubishi Gb-50ada-a
Mitsubishi Gb-50ada-j Firmware<=3.21
Mitsubishi Gb-50ada-j
Mitsubishi Te-200a Firmware<=7.97
Mitsubishi Te-200a
Mitsubishi Te-50a Firmware<=7.97
Mitsubishi Te-50a
Mitsubishi Tw-50a Firmware<=7.97
Mitsubishi Tw-50a

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for the Use of a Broken or Risky Cryptographic Algorithm vulnerability in the Air Conditioning System?

    The vulnerability ID for this issue is CVE-2022-24296.

  • What is the severity rating of CVE-2022-24296?

    CVE-2022-24296 has a severity rating of 7.5 (High).

  • Which software versions are affected by CVE-2022-24296?

    Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior are affected by CVE-2022-24296.

  • How can I fix the Use of a Broken or Risky Cryptographic Algorithm vulnerability (CVE-2022-24296) in Mitsubishi Air Conditioning Systems?

    To fix CVE-2022-24296, you should update the firmware of the affected Mitsubishi Air Conditioning Systems to a version beyond 3.21.

  • Where can I find more information about CVE-2022-24296?

    You can find more information about CVE-2022-24296 in the following references: [link1], [link2], [link3].

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203