CVE-2022-24296

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-24296
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf Vendor Advisory
https://jvn.jp/vu/JVNVU95298925/index.html Third Party Advisory
https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitsubishi:ae-200j_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ae-200j:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitsubishi:ae-50j_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ae-50j:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:mitsubishi:ew-50j_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:ew-50j:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:mitsubishi:g-150ad_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:g-150ad:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:*
Information

Published : 2022-06-08 08:15

Updated : 2022-06-17 08:36

NVD link : CVE-2022-24296

Mitre link : CVE-2022-24296

JSON object : View

CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Advertisement

dedicated server usa
Products Affected

mitsubishi

  • ae-50a
  • ae-200e
  • ae-50e
  • gb-50ada-j_firmware
  • gb-50ada-j
  • te-200a_firmware
  • g-150ad
  • gb-50a_firmware
  • ew-50e_firmware
  • gb-50ada-a
  • te-200a
  • g-150ad_firmware
  • tw-50a
  • ae-200j
  • gb-50a
  • ae-50a_firmware
  • ew-50a
  • eb-50gu-a
  • ew-50a_firmware
  • eb-50gu-a_firmware
  • ew-50j_firmware
  • eb-50gu-j_firmware
  • ag-150a-j
  • ae-200a_firmware
  • ae-200j_firmware
  • ae-200a
  • ag-150a-a_firmware
  • te-50a
  • ag-150a-j_firmware
  • te-50a_firmware
  • tw-50a_firmware
  • ae-50j
  • ew-50j
  • gb-50ada-a_firmware
  • ag-150a-a
  • ae-200e_firmware
  • ae-50e_firmware
  • eb-50gu-j
  • ae-50j_firmware
  • ew-50e