PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules FX5U(C) CPU and FX5UJ CPU modulesSeverity level Severity level: High Impact: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules Access Vector: Remote CVSS v3.0 Base Score: 7,4 Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) CVE-2022-25157 Vulnerability description:The vulnerability of the FX5U(C) CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a password hash instead of a password for authentication. Exploiting the vulnerability may allow an attacker who knows the hash value of the password to perform authorization in the file password mechanism using password hash. Advisory status 15.12.2021 - Vendor gets vulnerability details 31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf ) Credits The vulnerability was detected by Anton Dorfman (Positive Technologies)