CVE-2021-20593
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
Una Implementación Incorrecta del Algoritmo de Autenticación en Mitsubishi Electric Air Conditioning System/Centralized Controllers versiones: (G-50A Versiones.2.50 hasta Versiones. 3.35, GB-50A Versiones.2.50 hasta Versiones. 3.35, AG-150A-A Ver.3.20 y anteriores, AG-150A-J Ver.3.20 y anteriores, GB-50ADA-A Versiones.3.20 y anteriores, GB-50ADA-J Versiones.3 .20 y anteriores, EB-50GU-A Versiones 7.09 y anteriores, EB-50GU-J Versiones 7.09 y anteriores, AE-200A Versiones 7.93 y anteriores, AE-200E Versiones 7.93 y anteriores, AE-50A Versiones 7.93 y anteriores, AE-50E Versiones 7.93 y anteriores, EW-50A Versiones 7.93 y anteriores, EW-50E Versiones 7.93 y anteriores, TE-200A Versiones 7.93 y anteriores, TE-50A Versiones 7.93 y anteriores, TW-50A Versiones 7.93 y anteriores, CMS-RMD-J Versiones.1 .30 y anteriores) y los Controladores del Air Conditioning System/Expansion (PAC-YG50ECA Versiones .2.20 y anteriores) permiten a un atacante remoto autenticado hacerse pasar por administrador para divulgar información de configuración del sistema de aire acondicionado e información de manipulación (por ejemplo, información de funcionamiento y configuración del sistema de aire acondicionado) al explotar esta vulnerabilidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2021-07-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/vu/JVNVU96046575/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf | 2021-08-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitsubishi Search vendor "Mitsubishi" | G-50a Firmware Search vendor "Mitsubishi" for product "G-50a Firmware" | >= 2.50 <= 3.35 Search vendor "Mitsubishi" for product "G-50a Firmware" and version " >= 2.50 <= 3.35" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | G-50a Search vendor "Mitsubishi" for product "G-50a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Gb-50a Firmware Search vendor "Mitsubishi" for product "Gb-50a Firmware" | >= 2.50 <= 3.35 Search vendor "Mitsubishi" for product "Gb-50a Firmware" and version " >= 2.50 <= 3.35" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Gb-50a Search vendor "Mitsubishi" for product "Gb-50a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ag-150a-a Firmware Search vendor "Mitsubishi" for product "Ag-150a-a Firmware" | <= 3.20 Search vendor "Mitsubishi" for product "Ag-150a-a Firmware" and version " <= 3.20" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ag-150a-a Search vendor "Mitsubishi" for product "Ag-150a-a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ag-150a-j Firmware Search vendor "Mitsubishi" for product "Ag-150a-j Firmware" | <= 3.20 Search vendor "Mitsubishi" for product "Ag-150a-j Firmware" and version " <= 3.20" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ag-150a-j Search vendor "Mitsubishi" for product "Ag-150a-j" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Gb-50ada-a Firmware Search vendor "Mitsubishi" for product "Gb-50ada-a Firmware" | <= 3.20 Search vendor "Mitsubishi" for product "Gb-50ada-a Firmware" and version " <= 3.20" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Gb-50ada-a Search vendor "Mitsubishi" for product "Gb-50ada-a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Gb-50ada-j Firmware Search vendor "Mitsubishi" for product "Gb-50ada-j Firmware" | <= 3.20 Search vendor "Mitsubishi" for product "Gb-50ada-j Firmware" and version " <= 3.20" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Gb-50ada-j Search vendor "Mitsubishi" for product "Gb-50ada-j" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Eb-50gu-a Firmware Search vendor "Mitsubishi" for product "Eb-50gu-a Firmware" | <= 7.09 Search vendor "Mitsubishi" for product "Eb-50gu-a Firmware" and version " <= 7.09" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Eb-50gu-a Search vendor "Mitsubishi" for product "Eb-50gu-a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Eb-50gu-j Firmware Search vendor "Mitsubishi" for product "Eb-50gu-j Firmware" | <= 7.09 Search vendor "Mitsubishi" for product "Eb-50gu-j Firmware" and version " <= 7.09" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Eb-50gu-j Search vendor "Mitsubishi" for product "Eb-50gu-j" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ae-200a Firmware Search vendor "Mitsubishi" for product "Ae-200a Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Ae-200a Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ae-200a Search vendor "Mitsubishi" for product "Ae-200a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ae-200e Firmware Search vendor "Mitsubishi" for product "Ae-200e Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Ae-200e Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ae-200e Search vendor "Mitsubishi" for product "Ae-200e" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ae-50a Firmware Search vendor "Mitsubishi" for product "Ae-50a Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Ae-50a Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ae-50a Search vendor "Mitsubishi" for product "Ae-50a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ae-50e Firmware Search vendor "Mitsubishi" for product "Ae-50e Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Ae-50e Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ae-50e Search vendor "Mitsubishi" for product "Ae-50e" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ew-50a Firmware Search vendor "Mitsubishi" for product "Ew-50a Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Ew-50a Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ew-50a Search vendor "Mitsubishi" for product "Ew-50a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Ew-50e Firmware Search vendor "Mitsubishi" for product "Ew-50e Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Ew-50e Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Ew-50e Search vendor "Mitsubishi" for product "Ew-50e" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Te-200a Firmware Search vendor "Mitsubishi" for product "Te-200a Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Te-200a Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Te-200a Search vendor "Mitsubishi" for product "Te-200a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Te-50a Firmware Search vendor "Mitsubishi" for product "Te-50a Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Te-50a Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Te-50a Search vendor "Mitsubishi" for product "Te-50a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Tw-50a Firmware Search vendor "Mitsubishi" for product "Tw-50a Firmware" | <= 7.93 Search vendor "Mitsubishi" for product "Tw-50a Firmware" and version " <= 7.93" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Tw-50a Search vendor "Mitsubishi" for product "Tw-50a" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Cms-rmd-j Firmware Search vendor "Mitsubishi" for product "Cms-rmd-j Firmware" | <= 1.30 Search vendor "Mitsubishi" for product "Cms-rmd-j Firmware" and version " <= 1.30" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Cms-rmd-j Search vendor "Mitsubishi" for product "Cms-rmd-j" | - | - |
Safe
|
| Mitsubishi Search vendor "Mitsubishi" | Pac-yg50eca Firmware Search vendor "Mitsubishi" for product "Pac-yg50eca Firmware" | <= 2.20 Search vendor "Mitsubishi" for product "Pac-yg50eca Firmware" and version " <= 2.20" | - |
Affected
| in | Mitsubishi Search vendor "Mitsubishi" | Pac-yg50eca Search vendor "Mitsubishi" for product "Pac-yg50eca" | - | - |
Safe
|