CVE-2022-33322

Name: CVE-2022-33322
Creator: NVD / NIST
Published: 2022-11-08T20:15:11.017+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 0.84%

Last modified Jun 17, 2026

CVE-2022-33322 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. EPSS estimates a 0.84% chance of exploitation in the next 30 days.

Description

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.84%

53.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Mac-587if-E Firmware	<= 35.00
Mitsubishielectric	Mac-587if2-E Firmware	<= 35.00
Mitsubishielectric	Mac-507if-E Firmware	<= 35.00
Mitsubishielectric	Mac-588if-E Firmware	<= 35.00
Mitsubishielectric	S-Mac-002if Firmware	<= 35.00
Mitsubishielectric	Ma-Ew85s-E Firmware	<= 80.00
Mitsubishielectric	Ma-Ew85s-Uk Firmware	<= 80.00
Mitsubishielectric	Mfz-Gxt50\/60\/73vfk Firmware	<= 35.00
Mitsubishielectric	Mfz-Xt50\/60vfk Firmware	<= 35.00
Mitsubishielectric	Msxy-Fp05\/07\/10\/13\/18\/20\/24vgk-Sg1 Firmware	<= 35.00
Mitsubishielectric	Msy-Gp10\/13\/15\/18\/20\/24vfk-Sg1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap15\/20\/25\/35\/42\/50\/60\/71vgk-E2 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap15\/20\/25\/35\/42\/50\/60\/71vgk-Er2 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap15\/20\/25\/35\/42\/50\/60\/71vgk-Et2 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap22\/25\/35\/42\/50\/60\/71\/80vgkd-A2 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap22\/25\/35\/42\/50\/61\/70\/80vgkd-A1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50\/60\/71vgk-E3 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50\/60\/71vgk-Er3 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50\/60\/71vgk-Et3 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-E1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-E7 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-E8 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-En1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-En2 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-En3 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-Er1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ap25\/35\/42\/50vgk-Et1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgk-E1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgk-E6 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgk-Er1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgk-Et1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgk-Sc1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgkp-E6 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgkp-Er1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgkp-Et1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ay25\/35\/42\/50vgkp-Sc1 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-E1 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-E2 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-E3 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-Er1 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-Er2 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-Et1 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-Et2 Firmware	<= 35.00
Mitsubishielectric	Msz-Bt20\/25\/35\/50vgk-Et3 Firmware	<= 35.00
Mitsubishielectric	Msz-Ef18\/22\/25\/35\/42\/50vgkb-E1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ef18\/22\/25\/35\/42\/50vgkb-E2 Firmware	<= 35.00
Mitsubishielectric	Msz-Ef18\/22\/25\/35\/42\/50vgks-E1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ef18\/22\/25\/35\/42\/50vgks-E2 Firmware	<= 35.00
Mitsubishielectric	Msz-Ef18\/22\/25\/35\/42\/50vgkw-E1 Firmware	<= 35.00
Mitsubishielectric	Msz-Ef18\/22\/25\/35\/42\/50vgkw-E2 Firmware	<= 35.00

Showing 50 of 119 affected configurations. See NVD for the full list.

References

https://jvn.jp/vu/JVNVU96767562/index.htmlThird Party Advisory, VDB Entry
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdfMitigation, Vendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdfMitigation, Vendor Advisory
https://jvn.jp/vu/JVNVU96767562/index.htmlThird Party Advisory, VDB Entry
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdfMitigation, Vendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdfMitigation, Vendor Advisory

Timeline

Published: Nov 8, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-33322?

How severe is CVE-2022-33322?

CVE-2022-33322 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.84% probability of exploitation in the next 30 days.

How do I fix CVE-2022-33322?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-33322?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST