Cyber Resilience

CVE-2022-40268

Medium

Published: 02 February 2023

Modified: 21 November 2024
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)
EPSS Score: 0.0058 (69.5th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-40268 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Mitsubishi Electric GT SoftGOT2000. Its CVSS base score is 6.1 (Medium).

Operationally, it ranks in the top 30.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mitsubishielectric / gt softgot2000: 1.265b to 1.290c
mitsubishielectric / gt27 firmware: 01.14.000 to 01.48.000
mitsubishielectric / gt25 firmware: 01.14.000 to 01.48.000

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References