TROYANOSYVIRUS

CVE-2021-20595

HIGH
8.2

Description

Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter (BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of the data in the air conditioning system or cause a DoS condition by sending specially crafted packets.

CVE details

CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 7/13/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0

Affected products

mitsubishi:ae-200a
mitsubishi:ae-200a_firmware
mitsubishi:ae-200e
mitsubishi:ae-200e_firmware
mitsubishi:ae-50a
mitsubishi:ae-50a_firmware
mitsubishi:ae-50e
mitsubishi:ae-50e_firmware
mitsubishi:ag-150a-a
mitsubishi:ag-150a-a_firmware
mitsubishi:ag-150a-j
mitsubishi:ag-150a-j_firmware
mitsubishi:cms-rmd-j
mitsubishi:cms-rmd-j_firmware
mitsubishi:eb-50gu-a
mitsubishi:eb-50gu-a_firmware
mitsubishi:eb-50gu-j
mitsubishi:eb-50gu-j_firmware
mitsubishi:ew-50a
mitsubishi:ew-50a_firmware
mitsubishi:ew-50e
mitsubishi:ew-50e_firmware
mitsubishi:g-50a
mitsubishi:g-50a_firmware
mitsubishi:gb-50a
mitsubishi:gb-50a_firmware
mitsubishi:gb-50ada-a
mitsubishi:gb-50ada-a_firmware
mitsubishi:gb-50ada-j
mitsubishi:gb-50ada-j_firmware
mitsubishi:pac-yg50eca
mitsubishi:pac-yg50eca_firmware
mitsubishi:te-200a
mitsubishi:te-200a_firmware
mitsubishi:te-50a
mitsubishi:te-50a_firmware
mitsubishi:tw-50a
mitsubishi:tw-50a_firmware

Weaknesses (CWE)

CWE-611

References

https://jvn.jp/vu/JVNVU93086468/index.html (Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf (Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
https://jvn.jp/vu/JVNVU93086468/index.html (af854a3a-2127-422b-91ae-364da2661108)

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.