CVE-2022-23128
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.
Una vulnerabilidad "Incomplete List of Disallowed Inputs" en Mitsubishi Electric MC Works64 versiones 4.00A (10.95.201.23) a 4.04E (10.95.210.01), ICONICS GENESIS64 versiones 10.95.3 a 10.97, ICONICS Hyper Historian versiones 10.95.3 a 10.97, ICONICS AnalytiX versiones 10.95.3 a 10.97 e ICONICS MobileHMI versiones 10. 95.3 a 10.97 permite a un atacante remoto no autenticado omitir la autenticación de MC Works64, GENESIS64, Hyper Historian, AnalytiX y MobileHMI, y conseguir acceso no autorizado a los productos, mediante el envío de paquetes WebSocket especialmente diseñados al servidor FrameWorX, una de las funciones de los productos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-11 CVE Reserved
- 2022-01-21 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/vu/JVNVU95403720/index.html | Mitigation | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf | 2022-01-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Iconics Search vendor "Iconics" | Analytix Search vendor "Iconics" for product "Analytix" | >= 10.95.3 <= 10.97 Search vendor "Iconics" for product "Analytix" and version " >= 10.95.3 <= 10.97" | - |
Affected
| ||||||
| Iconics Search vendor "Iconics" | Genesis64 Search vendor "Iconics" for product "Genesis64" | >= 10.95.3 <= 10.97 Search vendor "Iconics" for product "Genesis64" and version " >= 10.95.3 <= 10.97" | - |
Affected
| ||||||
| Iconics Search vendor "Iconics" | Hyper Historian Search vendor "Iconics" for product "Hyper Historian" | >= 10.95.3 <= 10.97 Search vendor "Iconics" for product "Hyper Historian" and version " >= 10.95.3 <= 10.97" | - |
Affected
| ||||||
| Iconics Search vendor "Iconics" | Mobilehmi Search vendor "Iconics" for product "Mobilehmi" | >= 10.95.3 <= 10.97 Search vendor "Iconics" for product "Mobilehmi" and version " >= 10.95.3 <= 10.97" | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Mc Works64 Search vendor "Mitsubishielectric" for product "Mc Works64" | >= 10.95.201.23 <= 10.95.210.01 Search vendor "Mitsubishielectric" for product "Mc Works64" and version " >= 10.95.201.23 <= 10.95.210.01" | - |
Affected
| ||||||