Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-23128

Published: Jan 21, 2022 | Modified: Jan 27, 2022
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-23128
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.

Affected Software

Name Vendor Start Version End Version
Analytix Iconics 10.95.3 (including) 10.97 (including)
Genesis64 Iconics 10.95.3 (including) 10.97 (including)
Hyper_historian Iconics 10.95.3 (including) 10.97 (including)
Mobilehmi Iconics 10.95.3 (including) 10.97 (including)
Mc_works64 Mitsubishielectric 10.95.201.23 (including) 10.95.210.01 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use