What is the severity of CVE-2022-33323?

CVE-2022-33323 has been classified as a critical vulnerability due to its ability to allow unauthorized remote access.

How do I fix CVE-2022-33323?

To mitigate CVE-2022-33323, update the affected Mitsubishi Electric firmware to the latest version provided by the vendor.

Which devices are affected by CVE-2022-33323?

CVE-2022-33323 affects various models in the Mitsubishi Electric MELFA SD/SQ Series and MELFA F-Series with specific firmware versions.

Can CVE-2022-33323 be exploited remotely?

Yes, CVE-2022-33323 can be exploited remotely by an unauthenticated attacker through an unauthorized telnet login.

What impact does CVE-2022-33323 have on industrial control systems?

The impact of CVE-2022-33323 on industrial control systems includes potential unauthorized access, leading to disruption or manipulation of robotic operations.

Vulnerability/
CVE-2022-33323

high

7.5

CWE

489

2/2/2023

26/3/2025

CVE-2022-33323: Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series

First published: Thu Feb 02 2023(Updated: )

Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected Software	Affected Version	How to fix
Mitsubishi Electric Corporation MELFA SD/SQ Series
Mitsubishi Electric MELFA SD/SQ Series
Mitsubishi Electric MELFA F-Series
Mitsubishi Electric MELFA F-Series
Mitsubishi Electric Rh-12sdh55 Firmware
Mitsubishielectric Rh-12sdh55 Firmware
Mitsubishi Electric Rh-12sdh70 Firmware
Mitsubishi Electric Rh-12sdh70 Firmware
Mitsubishi Electric RH-12SDH85 Firmware
Mitsubishielectric Rh-12sdh85 Firmware
Mitsubishi Electric RH-12SQH55 Firmware
Mitsubishi Electric RH-12SQH55 Firmware
Mitsubishi Electric Rh-12sqh70 Firmware
Mitsubishi Electric Rh-12sqh70 Firmware
Mitsubishi Electric Rh-12sqh85 Firmware
Mitsubishi Electric Rh-12sqh85
Mitsubishi Electric RH-20SDH100 Firmware
Mitsubishi Electric RH-20SDH100
Mitsubishi Electric Rh-20sdh85 Firmware
Mitsubishi Electric RH-20SDH85
Mitsubishi Electric RH-20SQH85
Mitsubishi Electric RH-20SQH85
Mitsubishielectric Rh-3sdhr
Mitsubishi Electric RH-3SDHR
Mitsubishi Electric RH-3SQHR
Mitsubishi Electric RH-3SQHR
Mitsubishi Electric RH-6SDH35 Firmware
Mitsubishi Electric RH-6SDH35 Firmware
Mitsubishi Electric RH-6SDH45 Firmware
Mitsubishi Electric RH-6SDH45 Firmware
Mitsubishi Electric RH-6SDH55
Mitsubishi Electric RH-6SDH55
Mitsubishi Electric RH-6SQH35 Firmware
Mitsubishi Electric RH-6SQH35
Mitsubishi Electric RH-6SQH45 Firmware
Mitsubishi Electric RH-6SQH45 Firmware
Mitsubishi Electric RH-12SQH55
Mitsubishi Electric RH-6SQH55
Mitsubishi Electric RV-12SD Firmware
Mitsubishi Electric RV-12SD
Mitsubishi Electric RV-12SDL Firmware
Mitsubishi Electric RV-12SDL Firmware
Mitsubishi Electric RV-12SQ Firmware
Mitsubishi Electric RV-12SQ
Mitsubishi Electric RV-12SQL Firmware
Mitsubishi Electric RV-12SQL Firmware
Mitsubishi Electric RV-2SDB Firmware
Mitsubishi Electric RV-2SDB Firmware
Mitsubishi Electric RV-2SQB
Mitsubishielectric Rv-2sqb Firmware
Mitsubishi Electric RV-3SD
Mitsubishi Electric RV-3SD
Mitsubishi Electric RV-3SDJ Firmware
Mitsubishi Electric RV-3SDJ
Mitsubishi Electric RV-3SQ Firmware
Mitsubishi Electric RV-3SQ Firmware
Mitsubishielectric Rv-3sqj Firmware
Mitsubishielectric Rv-3sqj Firmware
Mitsubishi Electric RV-6SD Firmware
Mitsubishielectric Rv-6sd Firmware
Mitsubishi Electric RV-12SDL Firmware
Mitsubishi Electric RV-6SDL
Mitsubishi Electric RV-6SQ Firmware
Mitsubishi Electric RV-6SQ Firmware
Mitsubishi Electric RV-6SQL
Mitsubishi Electric RV-6SQL
Mitsubishi Electric Rh-12FH55
Mitsubishi Electric Rh-12FH55
Mitsubishi Electric Rh-12fh70 Firmware
Mitsubishi Electric RH-12FH70
Mitsubishi Electric Rh-12fh85 Firmware
Mitsubishi Electric Rh-12fh85 Firmware
Mitsubishi Electric RH20FRH100
Mitsubishi Electric RH-20FH100
Mitsubishi Electric Rh-20fh85 Firmware
Mitsubishi Electric RH-20FH85
Mitsubishi Electric RH-3FH35 Firmware
Mitsubishi Electric RH3FRH35
Mitsubishielectric Rh-3fh45 Firmware
Mitsubishi Electric RH-3FH45
Mitsubishi Electric RH-3FH55 Firmware
Mitsubishielectric Rh-3fh55 Firmware
Mitsubishielectric Rh-6fh35
Mitsubishi Electric RH-6FH35
Mitsubishi Electric Rh-6fh45
Mitsubishi Electric Rh-6fh45
Mitsubishi Electric RH6FRH55 Firmware
Mitsubishielectric Rh-6fh55 Firmware
Mitsubishi Electric RV-13F
Mitsubishi Electric RV-13F
Mitsubishi Electric RV-13FL Firmware
Mitsubishi Electric RV-13FL Firmware
Mitsubishi Electric RV-20F Firmware
Mitsubishi Electric RV-20F Firmware
Mitsubishi Electric RV-2F Firmware
Mitsubishi Electric RV-2F
Mitsubishi Electric RV-4F Firmware
Mitsubishi Electric RV-4F
Mitsubishi Electric RV-4FL
Mitsubishi Electric RV-4FL
Mitsubishi Electric RV-7F Firmware
Mitsubishi Electric RV-7F
Mitsubishi Electric RV-7FL Firmware
Mitsubishi Electric RV-7FL Firmware
Mitsubishi Electric RV-7FLL Firmware
Mitsubishi Electric RV-7FLL Firmware

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-23-026-05

Frequently Asked Questions

What is the severity of CVE-2022-33323?
CVE-2022-33323 has been classified as a critical vulnerability due to its ability to allow unauthorized remote access.
How do I fix CVE-2022-33323?
To mitigate CVE-2022-33323, update the affected Mitsubishi Electric firmware to the latest version provided by the vendor.
Which devices are affected by CVE-2022-33323?
CVE-2022-33323 affects various models in the Mitsubishi Electric MELFA SD/SQ Series and MELFA F-Series with specific firmware versions.
Can CVE-2022-33323 be exploited remotely?
Yes, CVE-2022-33323 can be exploited remotely by an unauthenticated attacker through an unauthorized telnet login.
What impact does CVE-2022-33323 have on industrial control systems?
The impact of CVE-2022-33323 on industrial control systems includes potential unauthorized access, leading to disruption or manipulation of robotic operations.