critical
9.1
CWE
312
Advisory Published
Updated

CVE-2022-25158

First published: Fri Apr 01 2022(Updated: )

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected SoftwareAffected VersionHow to fix
Mitsubishielectric Fx5uc Firmware
Mitsubishielectric Fx5uc
Mitsubishielectric Fx5uc-32mr\/ds-ts Firmware
Mitsubishielectric Fx5uc-32mr\/ds-ts
Mitsubishielectric Fx5uc-32mt\/d Firmware
Mitsubishielectric Fx5uc-32mt\/d
Mitsubishielectric Fx5uc-32mt\/dss Firmware
Mitsubishielectric Fx5uc-32mt\/dss
Mitsubishielectric Fx5uj-24mr\/es Firmware
Mitsubishielectric Fx5uj-24mr\/es
Mitsubishielectric Fx5uj-24mt\/es Firmware
Mitsubishielectric Fx5uj-24mt\/es
Mitsubishielectric Fx5uj-24mt\/ess Firmware
Mitsubishielectric Fx5uj-24mt\/ess
Mitsubishielectric Fx5uj-40mr\/es Firmware
Mitsubishielectric Fx5uj-40mr\/es
Mitsubishielectric Fx5uj-40mt\/es Firmware
Mitsubishielectric Fx5uj-40mt\/es
Mitsubishielectric Fx5uj-40mt\/ess Firmware
Mitsubishielectric Fx5uj-40mt\/ess
Mitsubishielectric Fx5uj-60mr\/es Firmware
Mitsubishielectric Fx5uj-60mr\/es
Mitsubishielectric Fx5uj-60mt\/es Firmware
Mitsubishielectric Fx5uj-60mt\/es
Mitsubishielectric Fx5uj-60mt\/ess Firmware
Mitsubishielectric Fx5uj-60mt\/ess
Mitsubishielectric Fx5uc-32mt\/dss-ts Firmware
Mitsubishielectric Fx5uc-32mt\/dss-ts
Mitsubishielectric Fx5uc-32mt\/ds-ts Firmware
Mitsubishielectric Fx5uc-32mt\/ds-ts
Mitsubishielectric Fx5uj Firmware
Mitsubishielectric Fx5uj
Mitsubishi Electric MELSEC iQ-F Series FX5U(C) CPU modules, All models
Mitsubishi Electric MELSEC iQ-F Series FX5UJ CPU modules, All models

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2022-25158.

  • What is the severity of CVE-2022-25158?

    The severity of CVE-2022-25158 is critical with a CVSS score of 9.1.

  • Which Mitsubishi Electric MELSEC iQ-F series CPUs are affected by CVE-2022-25158?

    CVE-2022-25158 affects Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU and iQ-R series R00/01/02CPU.

  • What is the recommended solution for CVE-2022-25158?

    There is no known solution for CVE-2022-25158 at the moment. Please refer to the vendor's advisory for updates.

  • Where can I find more information about CVE-2022-25158?

    You can find more information about CVE-2022-25158 on the JVN, CISA, and Mitsubishi Electric websites using the provided references.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203