CRITICAL🇵🇱 Wersja polska

CVE-2022-33321

CVSS 9.8v3.1pub. 2022-11-08upd. 2025-05-01

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mitsubishielectric Mac 557if E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 557if E1

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 557if E1 Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 557if E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 558if E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 558if E1

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 558if E1 Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 558if E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 559if E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 559if E1

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 559if E1 Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 559if E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 566ifb E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 566ifb E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 567ifb2 E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 567ifb2 E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 567ifb E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 567ifb E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568ifb2 E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568ifb2 E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568ifb3 E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568ifb3 E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568ifb E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568ifb E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568if E

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 568if E Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 576if E1

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Mac 576if E1 Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Msz Ap25\/35\/42\/50vgk E6

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Msz Ap25\/35\/42\/50vgk E6 Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2023-6943CRITICAL9.8PL ✓ten sam vendor

Unsafe Reflection w oprogramowaniu Mitsubishi Electric — zdalne wykonanie kodu

CVE-2023-4699CRITICAL10.0ten sam vendor

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series ...

CVE-2023-4562CRITICAL9.1ten sam vendor

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a...

CVE-2023-4088CRITICAL9.3ten sam vendor

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering softwar...

CVE-2023-3346CRITICAL9.8ten sam vendor

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series a...