medium
5.9
CWE
312
Advisory Published
Updated

CVE-2022-25160

First published: Fri Apr 01 2022(Updated: )

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected SoftwareAffected VersionHow to fix
Mitsubishielectric Fx5uc Firmware
Mitsubishielectric Fx5uc
Mitsubishielectric Fx5uc-32mr\/ds-ts Firmware
Mitsubishielectric Fx5uc-32mr\/ds-ts
Mitsubishielectric Fx5uc-32mt\/d Firmware
Mitsubishielectric Fx5uc-32mt\/d
Mitsubishielectric Fx5uc-32mt\/dss Firmware
Mitsubishielectric Fx5uc-32mt\/dss
Mitsubishielectric Fx5uj-24mr\/es Firmware
Mitsubishielectric Fx5uj-24mr\/es
Mitsubishielectric Fx5uj-24mt\/es Firmware
Mitsubishielectric Fx5uj-24mt\/es
Mitsubishielectric Fx5uj-24mt\/ess Firmware
Mitsubishielectric Fx5uj-24mt\/ess
Mitsubishielectric Fx5uj-40mr\/es Firmware
Mitsubishielectric Fx5uj-40mr\/es
Mitsubishielectric Fx5uj-40mt\/es Firmware
Mitsubishielectric Fx5uj-40mt\/es
Mitsubishielectric Fx5uj-40mt\/ess Firmware
Mitsubishielectric Fx5uj-40mt\/ess
Mitsubishielectric Fx5uj-60mr\/es Firmware
Mitsubishielectric Fx5uj-60mr\/es
Mitsubishielectric Fx5uj-60mt\/es Firmware
Mitsubishielectric Fx5uj-60mt\/es
Mitsubishielectric Fx5uj-60mt\/ess Firmware
Mitsubishielectric Fx5uj-60mt\/ess
Mitsubishielectric Fx5uc-32mt\/dss-ts Firmware
Mitsubishielectric Fx5uc-32mt\/dss-ts
Mitsubishielectric Fx5uc-32mt\/ds-ts Firmware
Mitsubishielectric Fx5uc-32mt\/ds-ts
Mitsubishielectric Fx5uj Firmware
Mitsubishielectric Fx5uj

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-25160?

    CVE-2022-25160 is a vulnerability that allows the storage of sensitive information in cleartext in certain versions of Mitsubishi Electric MELSEC iQ-F and iQ-R series CPU firmware.

  • How does CVE-2022-25160 affect Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU?

    CVE-2022-25160 affects all versions of Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU by allowing cleartext storage of sensitive information.

  • How does CVE-2022-25160 affect Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU?

    CVE-2022-25160 affects all versions of Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU by allowing cleartext storage of sensitive information.

  • How severe is CVE-2022-25160?

    CVE-2022-25160 has a severity rating of medium (5.9) according to the Common Vulnerability Scoring System (CVSS).

  • How can I fix CVE-2022-25160?

    To fix CVE-2022-25160, users should update to the latest firmware version provided by Mitsubishi Electric MELSEC and follow the recommended security practices outlined in the official advisory.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203