PT-2021-11: Possibility to access file 00000001.SYP with file password mechanism enabled in the FX5U(C) CPU and FX5UJ CPU modules

HIGH

(7.4) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

THREATSCAPE

Analytics articles

26 December 2024
Trending vulnerability digest November 2024
10 December 2024
Artificial intelligence in cyberattacks
9 December 2024
A look at India through the dark web: what hackers are after

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vulnerable software

FX5U(C) CPU and FX5UJ CPU modules

Severity level

Severity level: High
Impact: Possibility to access file 00000001.SYP with file password mechanism enabled in the FX5U(C) CPU and FX5UJ CPU modules
Access Vector: Remote

CVSS v3.0
Base Score: 7,4
Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVE-2022-25158

Vulnerability description:

The vulnerability of the FX5U(C) CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the storage of sensitive information in open form. Exploiting the vulnerability may allow an attacker, provided that the file password mechanism is enabled, to gain access to file 00000001.SYP firmware PLC.

Advisory status

15.12.2021 - Vendor gets vulnerability details
31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf )

Credits

The vulnerability was detected by Anton Dorfman and Iliya Rogachev (Positive Technologies)

Identifier:

CVE-2022-25158

Vendor:

Mitsubishi Electric

Vulnerable product:

FX5U(C) CPU and FX5UJ CPU modules

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Pilot
application

Test drive our solutions with a customized pilot program.