PT-2021-08: Possibility of authorization in Remote Password mechanism using password hash in FX5U(C) CPU and FX5UJ CPU modules
FX5U(C) CPU and FX5UJ CPU modules
Severity level
Severity level: Medium
Impact: Possibility of authorization in Remote Password mechanism using password hash
Access Vector: Remote
CVSS v3.0
Base Score: 5,9
Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE-2022-25155
Vulnerability description:
Exploiting the vulnerability of the FX5U(C) CPU and FX5U CPU modules of Mitsubishi Electric FA products may allow an attacker to perform authorization in Remote Password mechanism using password hash
Advisory status
15.12.2021 - Vendor gets vulnerability details
31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf )
Credits
The vulnerability was detected by Anton Dorfman (Positive Technologies)