Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series
CVE-2022-33323

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melfa Sd/sq Series Controller Cr1da-771 Of Rv-2sd
Melfa Sd/sq Series Controller Cr1da-771 Of Rv-2sdb
Melfa Sd/sq Series Controller Cr1da-721 Of Rv-3sd
Melfa Sd/sq Series Controller Cr1da-721 Of Rv-3sd-sm
Vendor
CVE Published:
2 February 2023

What is CVE-2022-33323?

The Active Debug Code vulnerability in the robot controller of Mitsubishi Electric's MELFA SD/SQ and F-Series industrial robots enables remote unauthenticated attackers to exploit an authentication bypass. This flaw allows unauthorized access via an insecure telnet login. Affected users should review Mitsubishi Electric's advisory for specific model names, controller types, and firmware versions to assess their exposure risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MELFA F Series Controller CR750-02VD-1 of RV-2F-D S7x and prior

MELFA F Series Controller CR750-02VD-1 of RV-2FB-D S7x and prior

MELFA F Series Controller CR750-02VD-1 of RV-2FL-D S7x and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
https://jvn.jp/vu/JVNVU94588481/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-05

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.