CVE-2021-20595

{"id": "CVE-2021-20595", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2021-07-13T11:15:09.327", "references": [{"url": "https://jvn.jp/vu/JVNVU93086468/index.html", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf", "tags": ["Vendor Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://jvn.jp/vu/JVNVU93086468/index.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."}, {"lang": "es", "value": "Una vulnerabilidad de restricci\u00f3n inapropiada de referencia de tipo XML External Entity en Mitsubishi Electric Air Conditioning System/Centralized Controllers versiones: (G-50A Ver.3.35 y anteriores, GB-50A Ver.3.35 y anteriores, GB-24A Ver.9.11 y anteriores, AG-150A-A Ver.3.20 y anteriores, AG-150A-J Ver.3.20 y anteriores, GB-50ADA-A Ver.3.20 y anteriores, GB-50ADA-J Ver.3 .20 y anteriores, EB-50GU-A Ver 7.09 y anteriores, EB-50GU-J Ver 7.09 y anteriores, AE-200A Ver 7.93 y anteriores, AE-200E Ver 7.93 y anteriores, AE-50A Ver 7.93 y anteriores, AE-50E Ver 7.93 y anteriores, EW-50A Ver 7.93 y anteriores, EW-50E Ver 7.93 y anteriores, TE-200A Ver 7.93 y anteriores, TE-50A Ver 7.93 y anteriores, TW-50A Ver 7.93 y anteriores, CMS-RMD-J Ver.1 .30 y anteriores), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 y anteriores) y Sistema de Aire Acondicionado/Adaptador BM (BAC-HD150 Ver.2.21 y anteriores) permite a un atacante remoto no autenticado divulgar algunos de los datos del sistema de aire acondicionado o causar una condici\u00f3n de DoS mediante el env\u00edo de paquetes especialmente dise\u00f1ados"}], "lastModified": "2024-11-21T05:46:50.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:g-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "590E5BE8-3A41-4AAE-831E-8D01C2E4296F", "versionEndIncluding": "3.35", "versionStartIncluding": "2.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:g-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD839297-7BB1-4447-B781-86A501682648"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C24DC7AC-ACF3-4B4F-8605-60ABBC91F723", "versionEndIncluding": "3.35", "versionStartIncluding": "2.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF1DA319-3B4E-4255-8B09-D4CA82F4CEDD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A59BEA50-00EF-4958-97D3-D13599FDB02E", "versionEndIncluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E37278D-F466-4D02-A3D2-C784D579156B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66F1FEF1-1896-4ABD-A69B-789AF83B5D17", "versionEndIncluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A95212E0-241E-4AD9-97A4-1F75DF382115"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2714AD39-85DB-4A82-91F4-AF1E1AD7732B", "versionEndIncluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F3A0876-AAC8-48B2-9081-F0989CBCF3C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2175EE52-FE97-490D-A52F-2775C84E2577", "versionEndIncluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "006B9E46-F48B-483B-A909-35A7E5A5A76B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0750A08B-856A-456E-926F-1EBDB90A6608", "versionEndIncluding": "7.09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4BC98F5E-1FE9-4C5D-80B5-E90852A9BE0C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84227253-E377-41F7-B515-C890F28F271B", "versionEndIncluding": "7.09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4575CA5F-5B1F-46AF-BD08-7A6C37E7D2F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70AC9C1D-4AE3-430F-98F0-6A4944725B58", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "208B2720-7090-41FB-99EF-20D4BBF07685"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "125ED867-F47D-4532-98F5-FDC99819D37C", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "222E1D60-FB10-477A-A21E-EAC902CCC1EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AEC0B91-9928-404E-9991-6FE8560E4A94", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3BC7EF0E-9DC4-4126-BA84-990FDE5EC5EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A13BC506-5437-4FB5-9FA6-666B9785D774", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E2F0B95-8905-4CBD-A50D-DD11C3B1639E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA4C2EB-96FD-416E-BB0F-6390516904E5", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A55E519-0E2B-4809-9453-3D240949AF25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA6DCE61-57D2-4011-AF5B-6A5A8D180491", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36D3BD0B-F2C0-4DD7-9EC7-A0ADD2001833"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2454711C-B053-4071-996A-CF2F90FCC27D", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15CCCC0A-AFBE-4C9B-A92C-8E0C5CF2A055"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5CD0C0A-7EFE-4435-A6DE-A0AEF6F1CA09", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C556A4B8-4351-43AD-9E85-D8736D3799E7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9B2E089-A079-448D-A0AB-B92828747504", "versionEndIncluding": "7.93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2625668C-2AB6-4610-A609-D2B299EA9B53"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:cms-rmd-j_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E55ABCF2-4170-40F6-8D75-C6EFA7EA4802", "versionEndIncluding": "1.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:cms-rmd-j:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F93ABCC-1DD4-4202-831C-AD1E5D04FD31"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:pac-yg50eca_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89CEB979-0C82-41BB-9371-F860EE9C635E", "versionEndIncluding": "2.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:pac-yg50eca:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32415898-51D3-4925-8AD1-84D9A3276181"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}