Vulnerability Lookup

🛡️ CVE-2022-25156

🟠 CVSS 8.1 — High ✅ No Known Exploit CWE-326 NVD

8.1

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.

Details

Severity HIGH

CVSS Score 8.1

CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE CWE-326

Public Exploit ✅ No

Source NVD

Published 2022-04-01

Updated 2026-06-08

Modified 2024-11-21

Fix URL N/A

Affected Packages

Software	From version	Fixed in
fx5uc-32mr\/ds-ts-firmware	—	—
fx5uc-32mt\/d-firmware	—	—
fx5uc-32mt\/ds-ts-firmware	—	—
fx5uc-32mt\/dss-firmware	—	—
fx5uc-32mt\/dss-ts-firmware	—	—
fx5uc-firmware	—	—
fx5uj-24mr\/es-firmware	—	—
fx5uj-24mt\/es-firmware	—	—
fx5uj-24mt\/ess-firmware	—	—
fx5uj-40mr\/es-firmware	—	—
fx5uj-40mt\/es-firmware	—	—
fx5uj-40mt\/ess-firmware	—	—
fx5uj-60mr\/es-firmware	—	—
fx5uj-60mt\/es-firmware	—	—
fx5uj-60mt\/ess-firmware	—	—
fx5uj-firmware	—	—

References

Third Party Advisory https://jvn.jp/vu/JVNVU96577897/index.html

Third Party Advisory, US Government Resource https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04

Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf

Third Party Advisory https://jvn.jp/vu/JVNVU96577897/index.html

Third Party Advisory, US Government Resource https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04

Vendor Advisory https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf

🔗 NVD 🔗 Mitre

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Running software with known vulnerabilities?

Company

Resources

Services

Trusted

Subscribe