    4 vulnerabilities found for cms-rmd-j_firmware by mitsubishi

    CVE-2021-20593 (GCVE-0-2021-20593)

    Vulnerability from nvd – Published: 2021-07-13 13:30 – Updated: 2024-08-03 17:45
    Summary
    Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Implementation of Authentication Algorithm
    Impacted products
    Vendor: n/a
    Product: Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA
    Affected versions:
    • Ver.2.50 to Ver.3.35
    • Ver.3.20 and prior
    • Ver 7.09 and prior
    • Ver 7.93 and prior
    • Ver.1.30 and prior
    • Ver.2.20 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU96046575/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.2.50 to Ver.3.35"
                },
                {
                  "status": "affected",
                  "version": "Ver.3.20 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.09 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.93 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.1.30 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.2.20 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Implementation of Authentication Algorithm",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-13T13:30:59.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU96046575/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20593",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.2.50 to Ver.3.35"
                              },
                              {
                                "version_value": "Ver.2.50 to Ver.3.35"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver.1.30 and prior"
                              },
                              {
                                "version_value": "Ver.2.20 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Implementation of Authentication Algorithm"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU96046575/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU96046575/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20593",
        "datePublished": "2021-07-13T13:30:59.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20595 (GCVE-0-2021-20595)

    Vulnerability from nvd – Published: 2021-07-13 10:54 – Updated: 2024-08-03 17:45
    Summary
    Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
    Severity
    No CVSS data available.
    CWE
    • Improper Restriction of XML External Entity Reference
    Impacted products
    Vendor: n/a
    Product: Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150
    Affected versions:
    • Ver.3.35 and prior
    • Ver.9.11 and prior
    • Ver.3.20 and prior
    • Ver 7.09 and prior
    • Ver 7.93 and prior
    • Ver.1.30 and prior
    • Ver.2.20 and prior
    • Ver.2.21 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU93086468/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.3.35 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.9.11 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.3.20 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.09 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.93 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.1.30 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.2.20 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.2.21 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-13T10:54:01.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU93086468/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20595",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.3.35 and prior"
                              },
                              {
                                "version_value": "Ver.3.35 and prior"
                              },
                              {
                                "version_value": "Ver.9.11 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver.1.30 and prior"
                              },
                              {
                                "version_value": "Ver.2.20 and prior"
                              },
                              {
                                "version_value": "Ver.2.21 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Restriction of XML External Entity Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU93086468/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU93086468/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20595",
        "datePublished": "2021-07-13T10:54:01.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20593 (GCVE-0-2021-20593)

    Vulnerability from cvelistv5 – Published: 2021-07-13 13:30 – Updated: 2024-08-03 17:45
    Summary
    Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Implementation of Authentication Algorithm
    Impacted products
    Vendor: n/a
    Product: Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA
    Affected versions:
    • Ver.2.50 to Ver.3.35
    • Ver.3.20 and prior
    • Ver 7.09 and prior
    • Ver 7.93 and prior
    • Ver.1.30 and prior
    • Ver.2.20 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU96046575/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.2.50 to Ver.3.35"
                },
                {
                  "status": "affected",
                  "version": "Ver.3.20 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.09 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.93 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.1.30 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.2.20 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Implementation of Authentication Algorithm",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-13T13:30:59.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU96046575/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20593",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.2.50 to Ver.3.35"
                              },
                              {
                                "version_value": "Ver.2.50 to Ver.3.35"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver.1.30 and prior"
                              },
                              {
                                "version_value": "Ver.2.20 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Implementation of Authentication Algorithm"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU96046575/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU96046575/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20593",
        "datePublished": "2021-07-13T13:30:59.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20595 (GCVE-0-2021-20595)

    Vulnerability from cvelistv5 – Published: 2021-07-13 10:54 – Updated: 2024-08-03 17:45
    Summary
    Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
    Severity
    No CVSS data available.
    CWE
    • Improper Restriction of XML External Entity Reference
    Assigner
    References
    Impacted products
    Vendor: n/a
    Product: Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150
    Version:
    Affected: Ver.3.35 and prior
    Affected: Ver.9.11 and prior
    Affected: Ver.3.20 and prior
    Affected: Ver 7.09 and prior
    Affected: Ver 7.93 and prior
    Affected: Ver.1.30 and prior
    Affected: Ver.2.20 and prior
    Affected: Ver.2.21 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU93086468/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.3.35 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.9.11 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.3.20 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.09 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver 7.93 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.1.30 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.2.20 and prior"
                },
                {
                  "status": "affected",
                  "version": "Ver.2.21 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-13T10:54:01.000Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU93086468/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "ID": "CVE-2021-20595",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; GB-24A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA; Air Conditioning System/BM adapter BAC-HD150",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.3.35 and prior"
                              },
                              {
                                "version_value": "Ver.3.35 and prior"
                              },
                              {
                                "version_value": "Ver.9.11 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver.3.20 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.09 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver 7.93 and prior"
                              },
                              {
                                "version_value": "Ver.1.30 and prior"
                              },
                              {
                                "version_value": "Ver.2.20 and prior"
                              },
                              {
                                "version_value": "Ver.2.21 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Restriction of XML External Entity Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU93086468/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU93086468/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2021-20595",
        "datePublished": "2021-07-13T10:54:01.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }