Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40267

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.9, indicating it can be exploited remotely over the network but requires specific conditions to be met without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts integrity (unauthorized modifications), for affected systems. Impacting 106 products from mitsubishielectric, from mitsubishielectric, from mitsubishielectric and 103 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-01-20T08:15:11.373

Last Modified

2024-11-21T07:21:09.770

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-337
Type: Primary
CWE-335

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mitsubishielectric	fx5u-80mt\/ess_firmware	-	Yes
Hardware	mitsubishielectric	fx5u-80mt\/ess	-	No
Operating System	mitsubishielectric	fx5u-32mt\/dss_firmware	-	Yes
Hardware	mitsubishielectric	fx5u-32mt\/dss	-	No
Operating System	mitsubishielectric	fx5u-64mt\/dss_firmware	-	Yes
Hardware	mitsubishielectric	fx5u-64mt\/dss	-	No
Operating System	mitsubishielectric	fx5u-80mt\/dss_firmware	-	Yes
Hardware	mitsubishielectric	fx5u-80mt\/dss	-	No
Operating System	mitsubishielectric	fx5uc-32mt\/d_firmware	-	Yes
Hardware	mitsubishielectric	fx5uc-32mt\/d	-	No
Operating System	mitsubishielectric	fx5uc-64mt\/d_firmware	-	Yes
Hardware	mitsubishielectric	fx5uc-64mt\/d	-	No
Operating System	mitsubishielectric	fx5uc-96mt\/d_firmware	-	Yes
Hardware	mitsubishielectric	fx5uc-96mt\/d	-	No
Operating System	mitsubishielectric	fx5uc-32mt\/dss_firmware	-	Yes
Hardware	mitsubishielectric	fx5uc-32mt\/dss	-	No
Operating System	mitsubishielectric	fx5uc-64mt\/dss_firmware	-	Yes
Hardware	mitsubishielectric	fx5uc-64mt\/dss	-	No
Operating System	mitsubishielectric	fx5uc-96mt\/dss_firmware	-	Yes
Hardware	mitsubishielectric	fx5uc-96mt\/dss	-	No
Operating System	mitsubishielectric	fx5uc-32mt\/ds-ts_firmware	< 1.280	Yes
Hardware	mitsubishielectric	fx5uc-32mt\/ds-ts	-	No
Operating System	mitsubishielectric	fx5uc-32mt\/dss-ts_firmware	< 1.280	Yes
Hardware	mitsubishielectric	fx5uc-32mt\/dss-ts	-	No
Operating System	mitsubishielectric	fx5uc-32mr\/ds-ts_firmware	< 1.280	Yes
Hardware	mitsubishielectric	fx5uc-32mr\/ds-ts	-	No
Operating System	mitsubishielectric	r00cpu_firmware	-	Yes
Hardware	mitsubishielectric	r00cpu	-	No
Operating System	mitsubishielectric	r01cpu_firmware	-	Yes
Hardware	mitsubishielectric	r01cpu	-	No
Operating System	mitsubishielectric	r02cpu_firmware	-	Yes
Hardware	mitsubishielectric	r02cpu	-	No
Operating System	mitsubishielectric	r04cpu_firmware	-	Yes
Hardware	mitsubishielectric	r04cpu	-	No
Operating System	mitsubishielectric	r08cpu_firmware	-	Yes
Hardware	mitsubishielectric	r08cpu	-	No
Operating System	mitsubishielectric	r16cpu_firmware	-	Yes
Hardware	mitsubishielectric	r16cpu	-	No
Operating System	mitsubishielectric	r32cpu_firmware	-	Yes
Hardware	mitsubishielectric	r32cpu	-	No
Operating System	mitsubishielectric	r120cpu_firmware	-	Yes
Hardware	mitsubishielectric	r120cpu	-	No
Operating System	mitsubishielectric	r04encpu_firmware	-	Yes
Hardware	mitsubishielectric	r04encpu	-	No
Operating System	mitsubishielectric	r08encpu_firmware	-	Yes
Hardware	mitsubishielectric	r08encpu	-	No
Operating System	mitsubishielectric	r16encpu_firmware	-	Yes
Hardware	mitsubishielectric	r16encpu	-	No
Operating System	mitsubishielectric	r32encpu_firmware	-	Yes
Hardware	mitsubishielectric	r32encpu	-	No
Operating System	mitsubishielectric	r120encpu_firmware	-	Yes
Hardware	mitsubishielectric	r120encpu	-	No
Operating System	mitsubishielectric	fx5uj-24mt\/es_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-24mt\/es	-	No
Operating System	mitsubishielectric	fx5uj-40mt\/es_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-40mt\/es	-	No
Operating System	mitsubishielectric	fx5uj-60mt\/es_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-60mt\/es	-	No
Operating System	mitsubishielectric	fx5uj-24mr\/es_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-24mr\/es	-	No
Operating System	mitsubishielectric	fx5uj-40mr\/es_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-40mr\/es	-	No
Operating System	mitsubishielectric	fx5uj-60mr\/es_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-60mr\/es	-	No
Operating System	mitsubishielectric	fx5uj-24mt\/ess_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-24mt\/ess	-	No
Operating System	mitsubishielectric	fx5uj-40mt\/ess_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-40mt\/ess	-	No
Operating System	mitsubishielectric	fx5uj-60mt\/ess_firmware	< 1.042	Yes
Hardware	mitsubishielectric	fx5uj-60mt\/ess	-	No
Operating System	mitsubishielectric	fx5uj-24mt\/es-a_firmware	< 1.043	Yes
Hardware	mitsubishielectric	fx5uj-24mt\/es-a	-	No
Operating System	mitsubishielectric	fx5uj-40mt\/es-a_firmware	< 1.043	Yes
Hardware	mitsubishielectric	fx5uj-40mt\/es-a	-	No
Operating System	mitsubishielectric	fx5uj-60mt\/es-a_firmware	< 1.043	Yes
Hardware	mitsubishielectric	fx5uj-60mt\/es-a	-	No
Operating System	mitsubishielectric	fx5uj-24mr\/es-a_firmware	< 1.043	Yes
Hardware	mitsubishielectric	fx5uj-24mr\/es-a	-	No
Operating System	mitsubishielectric	fx5uj-40mr\/es-a_firmware	< 1.043	Yes
Hardware	mitsubishielectric	fx5uj-40mr\/es-a	-	No
Operating System	mitsubishielectric	fx5uj-60mr\/es-a_firmware	< 1.043	Yes
Hardware	mitsubishielectric	fx5uj-60mr\/es-a	-	No
Operating System	mitsubishielectric	fx5s-30mt\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-30mt\/es	-	No
Operating System	mitsubishielectric	fx5s-40mt\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-40mt\/es	-	No
Operating System	mitsubishielectric	fx5s-60mt\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-60mt\/es	-	No
Operating System	mitsubishielectric	fx5s-80mt\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-80mt\/es	-	No
Operating System	mitsubishielectric	fx5s-30mr\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-30mr\/es	-	No
Operating System	mitsubishielectric	fx5s-40mr\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-40mr\/es	-	No
Operating System	mitsubishielectric	fx5s-60mr\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-60mr\/es	-	No
Operating System	mitsubishielectric	fx5s-80mr\/es_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-80mr\/es	-	No
Operating System	mitsubishielectric	fx5s-30mt\/ess_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-30mt\/ess	-	No
Operating System	mitsubishielectric	fx5s-40mt\/ess_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-40mt\/ess	-	No
Operating System	mitsubishielectric	fx5s-60mt\/ess_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-60mt\/ess	-	No
Operating System	mitsubishielectric	fx5s-80mt\/ess_firmware	< 1.003	Yes
Hardware	mitsubishielectric	fx5s-80mt\/ess	-	No

References

https://jvn.jp/vu/JVNVU99673580/index.html Mitigation, Third Party Advisory ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02 Mitigation, Third Party Advisory, US Government Resource ([email protected])
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf Mitigation, Vendor Advisory ([email protected])
https://jvn.jp/vu/JVNVU99673580/index.html Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02 Mitigation, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1646 (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For mitsubishielectric's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.