TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2022-33318

CRITICAL
9.8

Beschreibung

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht7/20/2022
Zuletzt geandert1/9/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

iconics:genesis64mitsubishielectric:mc_works64

Schwachen (CWE)

CWE-502CWE-502

Referenzen

https://jvn.jp/vu/JVNVU96480474/index.html(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
https://jvn.jp/vu/JVNVU96480474/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.