CVE-2022-40267
Published: 20 January 2023
Summary
CVE-2022-40267 is a medium-severity PRNG (CWE-337) vulnerability in Mitsubishi Electric FX5U-80MT/ESS firmware. Its CVSS base score is 5.9 (Medium).
Operationally, it ranks in the top 15.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-40267 is a predictable-seed weakness in the pseudo-random number generator used for Web server authentication on multiple Mitsubishi Electric MELSEC iQ-F and iQ-R series programmable logic controllers. The flaw affects numerous FX5U, FX5UC, FX5UJ, FX5S, and R-series CPU models across specified serial-number ranges, with firmware versions up to and including 1.280, 1.074, 1.043, 1.042, 1.003, 66, or 33, depending on the model.
A remote unauthenticated attacker who observes several authentication attempts can predict subsequent random values, bypass authentication, and obtain unauthorized access to the Web server function, resulting in integrity impact without requiring user interaction or credentials.
Vendor advisories and CISA ICSA-23-017-02 recommend applying the fixed firmware versions published by Mitsubishi Electric, disabling the Web server when it is not required, and restricting network access to the affected devices through segmentation or firewall rules.
EPSS for the CVE rose from a low baseline to a peak of 0.0618 before receding to the current value of 0.0218, indicating a measurable increase in observed exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-43565
Vulnerability details
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in the following Mitsubishi Electric Corporation products allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers:
- MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior
- MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior
- MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS) with serial number 17X**** or later, and versions 1.280 and prior
- MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS) with serial number 179**** and prior, and versions 1.074 and prior
- MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior
- MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior
- MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior
- MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior
- MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior
- MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior
- MELSEC iQ-R Series R00/01/02CPU versions 33 and prior
- MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.