CVE-2022-33322
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
08/11/2022
Last modified:
01/05/2025
Description
Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute a malicious script on a user's browser to disclose information, etc. A wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. For the affected product models/versions, see Mitsubishi Electric's advisory, which is listed in the [References] section.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mitsubishielectric:mac-587if-e_firmware:*:*:*:*:*:*:*:* | 35.00 (including) | |
| cpe:2.3:h:mitsubishielectric:mac-587if-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:mac-587if2-e_firmware:*:*:*:*:*:*:*:* | 35.00 (including) | |
| cpe:2.3:h:mitsubishielectric:mac-587if2-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:mac-507if-e_firmware:*:*:*:*:*:*:*:* | 35.00 (including) | |
| cpe:2.3:h:mitsubishielectric:mac-507if-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:mac-588if-e_firmware:*:*:*:*:*:*:*:* | 35.00 (including) | |
| cpe:2.3:h:mitsubishielectric:mac-588if-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:s-mac-002if_firmware:*:*:*:*:*:*:*:* | 35.00 (including) | |
| cpe:2.3:h:mitsubishielectric:s-mac-002if:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:ma-ew85s-e_firmware:*:*:*:*:*:*:*:* | 80.00 (including) | |
| cpe:2.3:h:mitsubishielectric:ma-ew85s-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:ma-ew85s-uk_firmware:*:*:*:*:*:*:*:* | 80.00 (including) | |
| cpe:2.3:h:mitsubishielectric:ma-ew85s-uk:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:mfz-gxt50\/60\/73vfk_firmware:*:*:*:*:*:*:*:* | 35.00 (including) | |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jvn.jp/vu/JVNVU96767562/index.html
- https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdf
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdf



