PT-2021-13: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules

MEDIUM
(6.8) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Vulnerable software

FX5U(C) CPU and FX5UJ CPU modules

Severity level

Severity level: Medium
Impact: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules
Access Vector: Remote

CVSS v3.0
Base Score: 6,8
Vector: (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVE-2022-25160

Vulnerability description:

The vulnerability of the FX5U(C) CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of access to sensitive PLC information. Exploiting the vulnerability may allow an attacker who has access to the project file to obtain the values of the parameters of the key security mechanism, which are stored in the clear.

Advisory status

15.12.2021 - Vendor gets vulnerability details
31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf )

Credits

The vulnerability was detected by Anton Dorfman and Artur Akhatov (Positive Technologies)

Identifier:
CVE-2022-25160
Vendor:
Mitsubishi Electric
Vulnerable product:
FX5U(C) CPU and FX5UJ CPU modules

Get in touch

Fill in the form and our specialists
will contact you shortly