PT-2021-11: Possibility to access file 00000001.SYP with file password mechanism enabled in the FX5U(C) CPU and FX5UJ CPU modules FX5U(C) CPU and FX5UJ CPU modules Severity level Severity level: High Impact: Possibility to access file 00000001.SYP with file password mechanism enabled in the FX5U(C) CPU and FX5UJ CPU modules Access Vector: Remote CVSS v3.0 Base Score: 7,4 Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) CVE-2022-25158 Vulnerability description:The vulnerability of the FX5U(C) CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the storage of sensitive information in open form. Exploiting the vulnerability may allow an attacker, provided that the file password mechanism is enabled, to gain access to file 00000001.SYP firmware PLC. Advisory status 15.12.2021 - Vendor gets vulnerability details 31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf ) Credits The vulnerability was detected by Anton Dorfman and Iliya Rogachev (Positive Technologies)