Cyber Resilience

CVE-2022-40267

Medium

Published: 20 January 2023
Modified: 21 November 2024
KEV Added: not listed
CVSS Score (v3.1): 5.9, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score: 0.0218 (84.7th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-40267 is a medium-severity predictable-seed PRNG weakness (CWE-337) in Mitsubishi Electric MELSEC iQ-F and iQ-R series PLC firmware (the NVD's primary configuration is the FX5U-80MT/ESS firmware). Its CVSS v3.1 base score is 5.9 (Medium).

Operationally, its EPSS score places it in the top 15.3% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-40267 is a predictable-seed weakness in the pseudo-random number generator used for Web server authentication on multiple Mitsubishi Electric MELSEC iQ-F and iQ-R series programmable logic controllers. The flaw affects numerous FX5U, FX5UC, FX5UJ, FX5S, and R-series CPU models; the affected firmware ceiling differs per model and serial-number range (1.280, 1.074, 1.043, 1.042, 1.003, 66, or 33, as itemised in the vulnerability details below).

A remote, unauthenticated attacker who can observe several authentication challenges can recover the generator's state, predict the random values that follow, and pass Web server authentication without valid credentials, gaining unauthorized access to the Web server function. The CVSS vector reflects this: no privileges or user interaction are required (PR:N/UI:N) and the integrity impact is rated high (I:H), but attack complexity is high (AC:H) because several prior random values must first be collected.
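The following is an added illustration of the weakness class, not code from Mitsubishi Electric or from the advisory. It assumes a generic libc-style LCG seeded from a 16-bit "uptime" counter and handing out 15-bit nonces; the real PLC algorithm, seed source and nonce width are not published on this page and are assumptions here. The attacker side shows why "several used random numbers" suffice: with a tiny seed space, the seed that reproduces the observed nonces can be brute-forced and the next challenge predicted. The hardened variant draws nonces from the OS CSPRNG, leaving no seed to recover.

```python
"""Predictable-seed PRNG nonce prediction (added example, assumptions noted)."""
import secrets
from typing import List

# glibc-style LCG parameters: x_{n+1} = (A*x_n + C) mod M  (assumed for illustration)
A, C, M = 1103515245, 12345, 1 << 31
SEED_BITS = 16  # assumption: the device seeds from a 16-bit uptime tick counter


class WeakNonceSource:
    """Vulnerable pattern: LCG whose seed comes from a tiny entropy pool."""

    def __init__(self, seed: int) -> None:
        self.state = seed % M

    def next_nonce(self) -> int:
        # Advance the LCG and emit the high bits, the way libc rand() does.
        self.state = (A * self.state + C) % M
        return (self.state >> 16) & 0x7FFF


class StrongNonceSource:
    """Hardened pattern: 128-bit nonces from the OS CSPRNG; nothing to recover."""

    def next_nonce(self) -> bytes:
        return secrets.token_bytes(16)


def recover_seeds(observed: List[int], seed_space: range) -> List[int]:
    """Attacker side: every seed whose first len(observed) outputs equal the
    nonces seen on the wire. With 2**16 seeds this is a trivial brute force."""
    matches = []
    for seed in seed_space:
        gen = WeakNonceSource(seed)
        if all(gen.next_nonce() == o for o in observed):
            matches.append(seed)
    return matches


def predict_next(observed: List[int], seed_space: range) -> List[int]:
    """Candidate values for the next nonce, one per surviving seed."""
    predictions = []
    for seed in recover_seeds(observed, seed_space):
        gen = WeakNonceSource(seed)
        for _ in observed:
            gen.next_nonce()  # replay the challenges already observed
        predictions.append(gen.next_nonce())
    return predictions


def simulate_attack(true_seed: int, observe: int) -> dict:
    """Constructed scenario: a device booted with `true_seed`; the attacker
    watches `observe` authentication challenges and predicts the next one."""
    device = WeakNonceSource(true_seed)
    seen = [device.next_nonce() for _ in range(observe)]
    actual_next = device.next_nonce()
    guesses = predict_next(seen, range(1 << SEED_BITS))
    return {
        "observed": seen,
        "candidates": guesses,
        "actual_next": actual_next,
        "predicted": actual_next in guesses,
    }


if __name__ == "__main__":
    result = simulate_attack(true_seed=4242, observe=3)
    print("observed:", result["observed"])
    print("candidate next nonces:", result["candidates"])
    print("actual next:", result["actual_next"], "predicted:", result["predicted"])
    print("hardened nonce:", StrongNonceSource().next_nonce().hex())
```

The point the simulation makes is that the nonce width is not the problem; the seed space is. Once the seed is fixed from a predictable source, every later challenge is a deterministic function of it, and a passive observer who has seen a few challenges can enumerate the seeds and replay the generator. Fixing the output format or adding more bits to the nonce does not help unless the seed itself comes from an unpredictable source.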

Vendor advisories and CISA ICSA-23-017-02 recommend applying the fixed firmware versions published by Mitsubishi Electric, disabling the Web server when it is not required, and restricting network access to the affected devices through segmentation or firewall rules.

The CVE's EPSS score rose from a low baseline to a peak of 0.0618 before receding to the current 0.0218. EPSS estimates the probability of exploitation in the wild over the following 30 days, so the rise reflects an increase in predicted exploitation likelihood after disclosure, not confirmed exploitation; the CVE remains outside the KEV catalog.

Vulnerability details

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in the following Mitsubishi Electric Corporation products allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers:

MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, versions 1.280 and prior
MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, versions 1.074 and prior
MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS) with serial number 17X**** or later, versions 1.280 and prior
MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS) with serial number 179**** and prior, versions 1.074 and prior
MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior
MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior
MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior
MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior
MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior
MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior
MELSEC iQ-R Series R00/01/02CPU versions 33 and prior
MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior

CWE(s)

CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mitsubishielectric fx5u-80mt/ess firmware: all versions
mitsubishielectric fx5u-32mt/dss firmware: all versions
mitsubishielectric fx5u-64mt/dss firmware: all versions
mitsubishielectric fx5u-80mt/dss firmware: all versions
mitsubishielectric fx5uc-32mt/d firmware: all versions
mitsubishielectric fx5uc-64mt/d firmware: all versions
mitsubishielectric fx5uc-96mt/d firmware: all versions
mitsubishielectric fx5uc-32mt/dss firmware: all versions
mitsubishielectric fx5uc-64mt/dss firmware: all versions
mitsubishielectric fx5uc-96mt/dss firmware: all versions
+43 more product configurations; see NVD for the full list.

Note that these NVD CPE entries are recorded as "all versions", whereas the vendor description above bounds the affected firmware per model and serial-number range; use the vendor's version ceilings when deciding which units still need the fixed firmware.

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
