Unrated severityNVD Advisory· Published Jan 21, 2022· Updated Aug 3, 2024
CVE-2022-23128
CVE-2022-23128
Description
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Mitsubishi Electric/MC Works64description
- Range: 10.95.3 to 10.97
- Range: 10.95.3 to 10.97
- Range: 4.00A (10.95.201.23) to 4.04E (10.95.210.01)
Patches
Vulnerability mechanics
References
3- jvn.jp/vu/JVNVU95403720/index.htmlmitrex_refsource_MISC
- www.cisa.gov/uscert/ics/advisories/icsa-22-020-01mitrex_refsource_MISC
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.