PT-2021-14065 · Mitsubishi · Mitsubishi Electric Air Conditioning System/Centralized Controllers

Published: 2021-07-13 · Updated: 2021-08-05 · CVE-2021-20593

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions:
Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 2.50 through 3.35
Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 3.20 and prior
Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 7.09 and prior
Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 7.93 and prior
Mitsubishi Electric Air Conditioning System/Expansion Controllers versions 2.20 and prior
CMS-RMD-J versions 1.30 and prior

Description: The issue is caused by an incorrect implementation of the authentication algorithm, which allows a remote authenticated attacker to impersonate administrators. This can lead to disclosure of the air conditioning system's configuration information and to tampering with information such as its operation information and configuration.

Recommendations:
For Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 2.50 through 3.35, update to a version outside of this range to resolve the issue.
For Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 3.20 and prior, update to a version later than 3.20 to resolve the issue.
For Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 7.09 and prior, update to a version later than 7.09 to resolve the issue.
For Mitsubishi Electric Air Conditioning System/Centralized Controllers versions 7.93 and prior, update to a version later than 7.93 to resolve the issue.
For Mitsubishi Electric Air Conditioning System/Expansion Controllers versions 2.20 and prior, update to a version later than 2.20 to resolve the issue.
For CMS-RMD-J versions 1.30 and prior, update to a version later than 1.30 to resolve the issue.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2021-20593

Affected Products

Mitsubishi Electric Air Conditioning System/Centralized Controllers
Mitsubishi Electric Air Conditioning System/Expansion Controllers