CVE-2022-24296

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://jvn.jp/vu/JVNVU95298925/index.html	Third Party Advisory
https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf	Vendor Advisory
https://jvn.jp/vu/JVNVU95298925/index.html	Third Party Advisory
https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:mitsubishi:ae-200j_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ae-200j:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:mitsubishi:ae-50j_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ae-50j:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:mitsubishi:ew-50j_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:ew-50j:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:mitsubishi:g-150ad_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:g-150ad:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:50

Type	Values Removed	Values Added
References	~~() https://jvn.jp/vu/JVNVU95298925/index.html - Third Party Advisory~~	() https://jvn.jp/vu/JVNVU95298925/index.html - Third Party Advisory
References	~~() https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf - Third Party Advisory~~	() https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf - Third Party Advisory
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf - Vendor Advisory~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf - Vendor Advisory

Information

Published : 2022-06-08 15:15

Updated : 2024-11-21 06:50

NVD link : CVE-2022-24296

Mitre link : CVE-2022-24296

CVE.ORG link : CVE-2022-24296

JSON object : View

Products Affected

mitsubishi

ae-200j_firmware
te-50a
ae-200a
ew-50a
g-150ad
eb-50gu-j_firmware
ae-50j
ag-150a-a_firmware
ag-150a-j_firmware
ae-200e_firmware
ag-150a-a
gb-50ada-j
ae-50e
eb-50gu-j
tw-50a_firmware
ag-150a-j
ew-50e_firmware
ae-50j_firmware
g-150ad_firmware
gb-50ada-j_firmware
ae-50a
ew-50a_firmware
ew-50j_firmware
ae-200a_firmware
gb-50ada-a
ew-50j
tw-50a
ae-200e
ae-200j
gb-50a
ae-50e_firmware
te-200a_firmware
eb-50gu-a_firmware
ew-50e
eb-50gu-a
te-200a
te-50a_firmware
ae-50a_firmware
gb-50a_firmware
gb-50ada-a_firmware

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2022-24296

7.5^/10

5.0^/10

Attach tags to `CVE-2022-24296`