CVE-2022-33323

HIGH | CVSS 7.5/10 | EPSS 1.14%

CVE-2022-33323 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An Active Debug Code vulnerability in the robot controller of the Mitsubishi Electric Corporation industrial robots MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. For the affected model names, controller types and firmware versions, see the Mitsubishi Electric advisory listed in the References section. EPSS estimates a 1.14% chance of exploitation in the next 30 days.

Description

An Active Debug Code vulnerability in the robot controller of the Mitsubishi Electric Corporation industrial robots MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. For the affected model names, controller types and firmware versions, see the Mitsubishi Electric advisory listed in the References section.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
1.14%

62.7th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Rh-12sdh55 Firmware | All versions |
| Mitsubishielectric | Rh-12sdh70 Firmware | All versions |
| Mitsubishielectric | Rh-12sdh85 Firmware | All versions |
| Mitsubishielectric | Rh-12sqh55 Firmware | All versions |
| Mitsubishielectric | Rh-12sqh70 Firmware | All versions |
| Mitsubishielectric | Rh-12sqh85 Firmware | All versions |
| Mitsubishielectric | Rh-20sdh100 Firmware | All versions |
| Mitsubishielectric | Rh-20sdh85 Firmware | All versions |
| Mitsubishielectric | Rh-20sqh85 Firmware | All versions |
| Mitsubishielectric | Rh-3sdhr Firmware | All versions |
| Mitsubishielectric | Rh-3sqhr Firmware | All versions |
| Mitsubishielectric | Rh-6sdh35 Firmware | All versions |
| Mitsubishielectric | Rh-6sdh45 Firmware | All versions |
| Mitsubishielectric | Rh-6sdh55 Firmware | All versions |
| Mitsubishielectric | Rh-6sqh35 Firmware | All versions |
| Mitsubishielectric | Rh-6sqh45 Firmware | All versions |
| Mitsubishielectric | Rh-6sqh55 Firmware | All versions |
| Mitsubishielectric | Rv-12sd Firmware | All versions |
| Mitsubishielectric | Rv-12sdl Firmware | All versions |
| Mitsubishielectric | Rv-12sq Firmware | All versions |
| Mitsubishielectric | Rv-12sql Firmware | All versions |
| Mitsubishielectric | Rv-2sdb Firmware | All versions |
| Mitsubishielectric | Rv-2sqb Firmware | All versions |
| Mitsubishielectric | Rv-3sd Firmware | All versions |
| Mitsubishielectric | Rv-3sdj Firmware | All versions |
| Mitsubishielectric | Rv-3sq Firmware | All versions |
| Mitsubishielectric | Rv-3sqj Firmware | All versions |
| Mitsubishielectric | Rv-6sd Firmware | All versions |
| Mitsubishielectric | Rv-6sdl Firmware | All versions |
| Mitsubishielectric | Rv-6sq Firmware | All versions |
| Mitsubishielectric | Rv-6sql Firmware | All versions |
| Mitsubishielectric | Rh-12fh55 Firmware | All versions |
| Mitsubishielectric | Rh-12fh70 Firmware | All versions |
| Mitsubishielectric | Rh-12fh85 Firmware | All versions |
| Mitsubishielectric | Rh-20fh100 Firmware | All versions |
| Mitsubishielectric | Rh-20fh85 Firmware | All versions |
| Mitsubishielectric | Rh-3fh35 Firmware | All versions |
| Mitsubishielectric | Rh-3fh45 Firmware | All versions |
| Mitsubishielectric | Rh-3fh55 Firmware | All versions |
| Mitsubishielectric | Rh-6fh35 Firmware | All versions |
| Mitsubishielectric | Rh-6fh45 Firmware | All versions |
| Mitsubishielectric | Rh-6fh55 Firmware | All versions |
| Mitsubishielectric | Rv-13f Firmware | All versions |
| Mitsubishielectric | Rv-13fl Firmware | All versions |
| Mitsubishielectric | Rv-20f Firmware | All versions |
| Mitsubishielectric | Rv-2f Firmware | All versions |
| Mitsubishielectric | Rv-4f Firmware | All versions |
| Mitsubishielectric | Rv-4fl Firmware | All versions |
| Mitsubishielectric | Rv-7f Firmware | All versions |
| Mitsubishielectric | Rv-7fl Firmware | All versions |

Showing 50 of 51 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-33323?
An Active Debug Code vulnerability in the robot controller of the Mitsubishi Electric Corporation industrial robots MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. For the affected model names, controller types and firmware versions, see the Mitsubishi Electric advisory listed in the References section.
How severe is CVE-2022-33323?
CVE-2022-33323 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.14% probability of exploitation in the next 30 days.
How do I fix CVE-2022-33323?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST