Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series
CVE-2022-33323

7.5 HIGH

Summary

The Active Debug Code vulnerability in the robot controller of Mitsubishi Electric's MELFA SD/SQ and F-Series industrial robots allows a remote unauthenticated attacker to bypass authentication and gain unauthorized access through an insecure telnet login. Affected users should review Mitsubishi Electric's advisory for the specific model names, controller types, and firmware versions to assess their exposure.

Affected Version(s)

MELFA F Series Controller CR750-02VD-1 of RV-2F-D S7x and prior

MELFA F Series Controller CR750-02VD-1 of RV-2FB-D S7x and prior

MELFA F Series Controller CR750-02VD-1 of RV-2FL-D S7x and prior

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
