Search criteria
6 vulnerabilities found for ae-50a_firmware by mitsubishi
CVE-2022-24296 (GCVE-0-2022-24296)
Vulnerability from nvd – Published: 2022-06-08 14:11 – Updated: 2024-08-03 04:07
VLAI?
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
Severity ?
No CVSS data available.
CWE
- Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A |
Affected:
Air Conditioning System G-150AD Ver. 3.21 and prior
Affected: Air Conditioning System AG-150A-A Ver. 3.21 and prior Affected: Air Conditioning System AG-150A-J Ver. 3.21 and prior Affected: Air Conditioning System GB-50AD Ver. 3.21 and prior Affected: Air Conditioning System GB-50ADA-A Ver. 3.21 and prior Affected: Air Conditioning System GB-50ADA-J Ver. 3.21 and prior Affected: Air Conditioning System EB-50GU-A Ver. 7.10 and prior Affected: Air Conditioning System EB-50GU-J Ver. 7.10 and prior Affected: Air Conditioning System AE-200J Ver. 7.97 and prior Affected: Air Conditioning System AE-200A Ver. 7.97 and prior Affected: Air Conditioning System AE-200E Ver. 7.97 and prior Affected: Air Conditioning System AE-50J Ver. 7.97 and prior Affected: Air Conditioning System AE-50A Ver. 7.97 and prior Affected: Air Conditioning System AE-50E Ver. 7.97 and prior Affected: Air Conditioning System EW-50J Ver. 7.97 and prior Affected: Air Conditioning System EW-50A Ver. 7.97 and prior Affected: Air Conditioning System EW-50E Ver. 7.97 and prior Affected: Air Conditioning System TE-200A Ver. 7.97 and prior Affected: Air Conditioning System TE-50A Ver. 7.97 and prior Affected: Air Conditioning System TW-50A Ver. 7.97 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T14:11:50",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-24296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"version": {
"version_data": [
{
"version_value": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"name": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf",
"refsource": "MISC",
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU95298925/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-24296",
"datePublished": "2022-06-08T14:11:50",
"dateReserved": "2022-02-01T00:00:00",
"dateUpdated": "2024-08-03T04:07:02.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20593 (GCVE-0-2021-20593)
Vulnerability from nvd – Published: 2021-07-13 13:30 – Updated: 2024-08-03 17:45
VLAI?
Summary
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
Severity ?
No CVSS data available.
CWE
- Incorrect Implementation of Authentication Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA |
Affected:
Ver.2.50 to Ver.3.35
Affected: Ver.3.20 and prior Affected: Ver 7.09 and prior Affected: Ver 7.93 and prior Affected: Ver.1.30 and prior Affected: Ver.2.20 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Ver.2.50 to Ver.3.35"
},
{
"status": "affected",
"version": "Ver.3.20 and prior"
},
{
"status": "affected",
"version": "Ver 7.09 and prior"
},
{
"status": "affected",
"version": "Ver 7.93 and prior"
},
{
"status": "affected",
"version": "Ver.1.30 and prior"
},
{
"status": "affected",
"version": "Ver.2.20 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T13:30:59",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
"version": {
"version_data": [
{
"version_value": "Ver.2.50 to Ver.3.35"
},
{
"version_value": "Ver.2.50 to Ver.3.35"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver.1.30 and prior"
},
{
"version_value": "Ver.2.20 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Implementation of Authentication Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96046575/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20593",
"datePublished": "2021-07-13T13:30:59",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20595 (GCVE-0-2021-20595)
Vulnerability from nvd – Published: 2021-07-13 10:54 – Updated: 2024-08-03 17:45
VLAI?
Summary
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150 |
Affected:
Ver.3.35 and prior
Affected: Ver.9.11 and prior Affected: Ver.3.20 and prior Affected: Ver 7.09 and prior Affected: Ver 7.93 and prior Affected: Ver.1.30 and prior Affected: Ver.2.20 and prior Affected: Ver.2.21 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Ver.3.35 and prior"
},
{
"status": "affected",
"version": "Ver.9.11 and prior"
},
{
"status": "affected",
"version": "Ver.3.20 and prior"
},
{
"status": "affected",
"version": "Ver 7.09 and prior"
},
{
"status": "affected",
"version": "Ver 7.93 and prior"
},
{
"status": "affected",
"version": "Ver.1.30 and prior"
},
{
"status": "affected",
"version": "Ver.2.20 and prior"
},
{
"status": "affected",
"version": "Ver.2.21 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T10:54:01",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
"version": {
"version_data": [
{
"version_value": "Ver.3.35 and prior"
},
{
"version_value": "Ver.3.35 and prior"
},
{
"version_value": "Ver.9.11 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver.1.30 and prior"
},
{
"version_value": "Ver.2.20 and prior"
},
{
"version_value": "Ver.2.21 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU93086468/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20595",
"datePublished": "2021-07-13T10:54:01",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24296 (GCVE-0-2022-24296)
Vulnerability from cvelistv5 – Published: 2022-06-08 14:11 – Updated: 2024-08-03 04:07
VLAI?
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.
Severity ?
No CVSS data available.
CWE
- Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A |
Affected:
Air Conditioning System G-150AD Ver. 3.21 and prior
Affected: Air Conditioning System AG-150A-A Ver. 3.21 and prior Affected: Air Conditioning System AG-150A-J Ver. 3.21 and prior Affected: Air Conditioning System GB-50AD Ver. 3.21 and prior Affected: Air Conditioning System GB-50ADA-A Ver. 3.21 and prior Affected: Air Conditioning System GB-50ADA-J Ver. 3.21 and prior Affected: Air Conditioning System EB-50GU-A Ver. 7.10 and prior Affected: Air Conditioning System EB-50GU-J Ver. 7.10 and prior Affected: Air Conditioning System AE-200J Ver. 7.97 and prior Affected: Air Conditioning System AE-200A Ver. 7.97 and prior Affected: Air Conditioning System AE-200E Ver. 7.97 and prior Affected: Air Conditioning System AE-50J Ver. 7.97 and prior Affected: Air Conditioning System AE-50A Ver. 7.97 and prior Affected: Air Conditioning System AE-50E Ver. 7.97 and prior Affected: Air Conditioning System EW-50J Ver. 7.97 and prior Affected: Air Conditioning System EW-50A Ver. 7.97 and prior Affected: Air Conditioning System EW-50E Ver. 7.97 and prior Affected: Air Conditioning System TE-200A Ver. 7.97 and prior Affected: Air Conditioning System TE-50A Ver. 7.97 and prior Affected: Air Conditioning System TW-50A Ver. 7.97 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"status": "affected",
"version": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T14:11:50",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-24296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A",
"version": {
"version_data": [
{
"version_value": "Air Conditioning System G-150AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System AG-150A-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50AD Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-A Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System GB-50ADA-J Ver. 3.21 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-A Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System EB-50GU-J Ver. 7.10 and prior"
},
{
"version_value": "Air Conditioning System AE-200J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-200E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System AE-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50J Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System EW-50E Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-200A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TE-50A Ver. 7.97 and prior"
},
{
"version_value": "Air Conditioning System TW-50A Ver. 7.97 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf"
},
{
"name": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf",
"refsource": "MISC",
"url": "https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU95298925/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU95298925/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-24296",
"datePublished": "2022-06-08T14:11:50",
"dateReserved": "2022-02-01T00:00:00",
"dateUpdated": "2024-08-03T04:07:02.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20593 (GCVE-0-2021-20593)
Vulnerability from cvelistv5 – Published: 2021-07-13 13:30 – Updated: 2024-08-03 17:45
VLAI?
Summary
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
Severity ?
No CVSS data available.
CWE
- Incorrect Implementation of Authentication Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA |
Affected:
Ver.2.50 to Ver.3.35
Affected: Ver.3.20 and prior Affected: Ver 7.09 and prior Affected: Ver 7.93 and prior Affected: Ver.1.30 and prior Affected: Ver.2.20 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Ver.2.50 to Ver.3.35"
},
{
"status": "affected",
"version": "Ver.3.20 and prior"
},
{
"status": "affected",
"version": "Ver 7.09 and prior"
},
{
"status": "affected",
"version": "Ver 7.93 and prior"
},
{
"status": "affected",
"version": "Ver.1.30 and prior"
},
{
"status": "affected",
"version": "Ver.2.20 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T13:30:59",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
"version": {
"version_data": [
{
"version_value": "Ver.2.50 to Ver.3.35"
},
{
"version_value": "Ver.2.50 to Ver.3.35"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver.1.30 and prior"
},
{
"version_value": "Ver.2.20 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Implementation of Authentication Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU96046575/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU96046575/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20593",
"datePublished": "2021-07-13T13:30:59",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20595 (GCVE-0-2021-20595)
Vulnerability from cvelistv5 – Published: 2021-07-13 10:54 – Updated: 2024-08-03 17:45
VLAI?
Summary
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150 |
Affected:
Ver.3.35 and prior
Affected: Ver.9.11 and prior Affected: Ver.3.20 and prior Affected: Ver 7.09 and prior Affected: Ver 7.93 and prior Affected: Ver.1.30 and prior Affected: Ver.2.20 and prior Affected: Ver.2.21 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Ver.3.35 and prior"
},
{
"status": "affected",
"version": "Ver.9.11 and prior"
},
{
"status": "affected",
"version": "Ver.3.20 and prior"
},
{
"status": "affected",
"version": "Ver 7.09 and prior"
},
{
"status": "affected",
"version": "Ver 7.93 and prior"
},
{
"status": "affected",
"version": "Ver.1.30 and prior"
},
{
"status": "affected",
"version": "Ver.2.20 and prior"
},
{
"status": "affected",
"version": "Ver.2.21 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T10:54:01",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
"version": {
"version_data": [
{
"version_value": "Ver.3.35 and prior"
},
{
"version_value": "Ver.3.35 and prior"
},
{
"version_value": "Ver.9.11 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver.3.20 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.09 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver 7.93 and prior"
},
{
"version_value": "Ver.1.30 and prior"
},
{
"version_value": "Ver.2.20 and prior"
},
{
"version_value": "Ver.2.21 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU93086468/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20595",
"datePublished": "2021-07-13T10:54:01",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}