PT-2023-13779 · Mitsubishi · Melsec Iq-F Series Fx5Uj-Xmy/Es-A+4

Matt Wiseman · Published 2023-01-20 · Updated 2023-04-18 · CVE-2022-40267

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z versions 1.280 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z versions 1.074 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z versions 1.280 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z versions 1.074 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z versions 1.042 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A versions 1.043 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z versions 1.003 and prior
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior
Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior
Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior

Description

The issue is a Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability. It allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several previously used random numbers.

Recommendations

For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z versions 1.280 and prior, update to a version later than 1.280.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z versions 1.074 and prior, update to a version later than 1.074.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z versions 1.280 and prior, update to a version later than 1.280.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z versions 1.074 and prior, update to a version later than 1.074.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, update to a version later than 1.280.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, update to a version later than 1.280.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z versions 1.042 and prior, update to a version later than 1.042.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A versions 1.043 and prior, update to a version later than 1.043.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z versions 1.003 and prior, update to a version later than 1.003.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, update to a version later than 1.280.
For Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, update to a version later than 33.
For Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior, update to a version later than 66.

Related Identifiers

CVE-2022-40267

Affected Products

Melsec Iq-F Series Fx5S-Xmy/Z
Melsec Iq-F Series Fx5Uc-32Mr/Ds-Ts
Melsec Iq-F Series Fx5Uj-Xmy/Es-A
Melsec Iq-R Series R00/01/02Cpu
Melsec Iq-R Series R04/08/16/32/120(En)Cpu