CVE-2022-24296
First published: Wed Jun 08 2022(Updated: )
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Te-200a | <=7.97 | |
| Mitsubishi Ae-200a Firmware | ||
| Mitsubishi Ae-200e | <=7.97 | |
| Mitsubishi Ae-200e Firmware | ||
| Mitsubishi Te-200a | <=7.97 | |
| Mitsubishi Ae-200j Firmware | ||
| Mitsubishi Ae-50a | <=7.97 | |
| Mitsubishi G-50a Firmware | ||
| Mitsubishi Ae-50a | <=7.97 | |
| Mitsubishi Ae-50e Firmware | ||
| Mitsubishi Ae-50a | <=7.97 | |
| Mitsubishi Ae-50j Firmware | ||
| Mitsubishi Ag-150a-a | <=3.21 | |
| Mitsubishi Ag-150a-a Firmware | ||
| Mitsubishi AG-150A-J | <=3.21 | |
| Mitsubishi AG-150A-J | ||
| Mitsubishi Eb-50gu-a | <=7.10 | |
| Mitsubishi Eb-50gu-a Firmware | ||
| Mitsubishi Eb-50gu-j | <=7.10 | |
| Mitsubishi Eb-50gu-j Firmware | ||
| Mitsubishi Ew-50a Firmware | <=7.97 | |
| Mitsubishi Ew-50a Firmware | ||
| Mitsubishi Ew-50e | <=7.97 | |
| Mitsubishi Ew-50e Firmware | ||
| Mitsubishi Ew-50j | <=7.97 | |
| Mitsubishi Ew-50j Firmware | ||
| Mitsubishi G-150ad | <=3.21 | |
| Mitsubishi G-150ad Firmware | ||
| Mitsubishi GB-50A | <=3.21 | |
| Mitsubishi GB-50A | ||
| Mitsubishi Gb-50ada-a | <=3.21 | |
| Mitsubishi Gb-50ada-a Firmware | ||
| Mitsubishi Gb-50ada-j Firmware | <=3.21 | |
| Mitsubishi Gb-50ada-j Firmware | ||
| Mitsubishi Te-200a | <=7.97 | |
| Mitsubishi Te-200a Firmware | ||
| Mitsubishi Te-200a | <=7.97 | |
| Mitsubishi Te-50a Firmware | ||
| Mitsubishi Tw-50a Firmware | <=7.97 | |
| Mitsubishi Tw-50a Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Use of a Broken or Risky Cryptographic Algorithm vulnerability in the Air Conditioning System?
The vulnerability ID for this issue is CVE-2022-24296.
What is the severity rating of CVE-2022-24296?
CVE-2022-24296 has a severity rating of 7.5 (High).
Which software versions are affected by CVE-2022-24296?
Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior are affected by CVE-2022-24296.
How can I fix the Use of a Broken or Risky Cryptographic Algorithm vulnerability (CVE-2022-24296) in Mitsubishi Air Conditioning Systems?
To fix CVE-2022-24296, you should update the firmware of the affected Mitsubishi Air Conditioning Systems to a version beyond 3.21.
Where can I find more information about CVE-2022-24296?
You can find more information about CVE-2022-24296 in the following references: [link1], [link2], [link3].
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mitsubishi
- canonical/mitsubishi te-200a
- version/mitsubishi te-200a/7.97
- canonical/mitsubishi ae-200a firmware
- canonical/mitsubishi ae-200e
- version/mitsubishi ae-200e/7.97
- canonical/mitsubishi ae-200e firmware
- canonical/mitsubishi ae-200j firmware
- canonical/mitsubishi ae-50a
- version/mitsubishi ae-50a/7.97
- canonical/mitsubishi g-50a firmware
- canonical/mitsubishi ae-50e firmware
- canonical/mitsubishi ae-50j firmware
- canonical/mitsubishi ag-150a-a
- version/mitsubishi ag-150a-a/3.21
- canonical/mitsubishi ag-150a-a firmware
- canonical/mitsubishi ag-150a-j
- version/mitsubishi ag-150a-j/3.21
- canonical/mitsubishi eb-50gu-a
- version/mitsubishi eb-50gu-a/7.10
- canonical/mitsubishi eb-50gu-a firmware
- canonical/mitsubishi eb-50gu-j
- version/mitsubishi eb-50gu-j/7.10
- canonical/mitsubishi eb-50gu-j firmware
- canonical/mitsubishi ew-50a firmware
- version/mitsubishi ew-50a firmware/7.97
- canonical/mitsubishi ew-50e
- version/mitsubishi ew-50e/7.97
- canonical/mitsubishi ew-50e firmware
- canonical/mitsubishi ew-50j
- version/mitsubishi ew-50j/7.97
- canonical/mitsubishi ew-50j firmware
- canonical/mitsubishi g-150ad
- version/mitsubishi g-150ad/3.21
- canonical/mitsubishi g-150ad firmware
- canonical/mitsubishi gb-50a
- version/mitsubishi gb-50a/3.21
- canonical/mitsubishi gb-50ada-a
- version/mitsubishi gb-50ada-a/3.21
- canonical/mitsubishi gb-50ada-a firmware
- canonical/mitsubishi gb-50ada-j firmware
- version/mitsubishi gb-50ada-j firmware/3.21
- canonical/mitsubishi te-200a firmware
- canonical/mitsubishi te-50a firmware
- canonical/mitsubishi tw-50a firmware
- version/mitsubishi tw-50a firmware/7.97