CVE-2022-40267— Authentication Bypass Vulnerability in Web Server Function on MELSEC Series

CVSS 5.9 · Medium EPSS 2.18% · P84 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-40267

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Authentication Bypass Vulnerability in Web Server Function on MELSEC Series

Source: NVD (National Vulnerability Database)

Vulnerability Description

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

PRNG中使用可预测种子

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mitsubishi Electric MELSEC iQ-F series 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Mitsubishi Electric MELSEC iQ-F series是日本三菱电机（Mitsubishi Electric）公司的一款可编程逻辑控制器。 Mitsubishi Electric MELSEC iQ-F series v1.240 版本存在安全漏洞，该漏洞源于特制的 HTTP 请求可能导致会话 cookie 泄漏。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/ES	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/ES	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Seres FX5U-80MT/ES	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MR/ES	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MR/ES	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MR/ES	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/DS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/DS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MT/DS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MR/DS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MR/DS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MR/DS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/ESS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/ESS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MT/ESS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-32MT/DSS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-64MT/DSS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5U-80MT/DSS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/D	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-64MT/D	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-96MT/D	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/DSS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-64MT/DSS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-96MT/DSS	serial number 17X**** or later, and versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/DS-TS	versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MT/DSS-TS	versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UC-32MR/DS-TS	versions 1.280 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R00CPU	versions 33 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R01CPU	versions 33 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R02CPU	versions 33 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R04CPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R08CPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R16CPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R32CPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R120CPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R04ENCPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R08ENCPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R16ENCPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R32ENCPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-R Series R120ENCPU	versions 66 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-24MT/ES	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-40MT/ES	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-60MT/ES	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-24MR/ES	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-40MR/ES	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-60MR/ES	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-24MT/ESS	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-40MT/ESS	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-60MT/ESS	1.042 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-24MT/ES-A	1.043 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-40MT/ES-A	1.043 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-60MT/ES-A	1.043 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-24MR/ES-A	1.043 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-40MR/ES-A	1.043 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5UJ-60MR/ES-A	1.043 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-30MT/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-40MT/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-60MT/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-80MT/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-30MR/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-40MR/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-60MR/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-80MR/ES	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-30MT/ESS	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-40MT/ESS	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-60MT/ESS	1.003 and prior	-
Mitsubishi Electric Corporation	MELSEC iQ-F Series FX5S-80MT/ESS	1.003 and prior	-

II. Public POCs for CVE-2022-40267

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-40267

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: MELSEC iQ-F Series FX5U-32MT/ES

Same vendor: Mitsubishi Electric Corporation

Same weakness: CWE-337

V. Comments for CVE-2022-40267

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-40267— Authentication Bypass Vulnerability in Web Server Function on MELSEC Series

I. Basic Information for CVE-2022-40267

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-40267

III. Intelligence Information for CVE-2022-40267

IV. Related Vulnerabilities

V. Comments for CVE-2022-40267

Leave a comment