Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
0

CVE-2022-33322

Disclosure Date: November 08, 2022
CVE-2022-33322 CVSS v3 Base Score: 6.1
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user’s browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric’s advisory which is listed in [References] section.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.1 Medium
Impact Score:
2.7
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Air Conditioning MSZ-FD40/56/63/71/8022S versions 30.00 to 35.00
Air Conditioning MSZ-HXV25/28/40/56/63/71/8022S versions 30.00 to 35.00
Air Conditioning MSZ-VXV40/56/63/71/8022S versions 30.00 to 35.00
Air Conditioning MSZ-ZD25/28/40/56/63/71/8022(S) versions 30.00 to 35.00
Air Conditioning MSZ-FZ40/56/63/71/80/9021S versions 30.00 to 35.00
Air Conditioning MSZ-ZW22/25/28/36/40/56/63/71/80/9021(S) versions 30.00 to 35.00
Air Conditioning MSZ-FZV40/56/63/71/80/9021S versions 30.00 to 35.00
Air Conditioning MSZ-ZXV22/25/28/36/40/56/63/71/80/9021(S) versions 30.00 to 35.00
Air Conditioning MSZ-EM22/25/28/36/40/56/63/71/80/9021E9(S) versions 30.00 to 35.00
Air Conditioning MSZ-FZ40/56/63/71/80/9020S versions 30.00 to 35.00
Air Conditioning MSZ-ZW22/25/28/36/40/56/63/71/80/9020(S) versions 30.00 to 35.00
Air Conditioning MSZ-FZV40/56/63/71/80/9020S versions 30.00 to 35.00
Air Conditioning MSZ-ZXV22/25/28/36/40/56/63/71/80/9020(S) versions 30.00 to 35.00
Air Conditioning MSZ-EM22/25/28/36/40/56/63/71/80/9020E8(S) versions 30.00 to 35.00
Wi-Fi Interface MAC-900IF versions 30.00 to 35.00
Wi-Fi Interface PAC-SK43ML versions 30.00 to 35.00
Refrigerator MR-MXD50/57G versions 00.68 and prior
Refrigerator MR-WXD52/60/70G versions 00.68 and prior
Refrigerator MR-WZ55/61H versions 00.68 and prior
Refrigerator MR-MZ54/60H versions 00.68 and prior
HEMS adapter GT-HEM4 versions 00.83 and prior
Wi-Fi Interface GT-RA1 versions 00.83 and prior
Wi-Fi Interface GT-RA2 versions 00.83 and prior
Wi-Fi Interface GT-HR1 versions 00.83 and prior
Remote control with Wi-Fi Interface RMCB-H6SE-T versions 00.83 and prior
Remote control with Wi-Fi Interface RMCB-F6SE-T versions 00.83 and prior
Remote control with Wi-Fi Interface RMCB-D6SE-T versions 00.83 and prior
BATHROOM THERMO VENTILATOR V-241BZ-RC versions 00.65 and prior
BATHROOM THERMO VENTILATOR V-241BZ5-RC versions 00.65 and prior
BATHROOM THERMO VENTILATOR WD-240DK-RC versions 00.65 and prior
BATHROOM THERMO VENTILATOR WD-240DK2-RC versions 00.65 and prior
Rice cooker NJ-AWBX10 versions 00.75 and prior
Mitsubishi Electric HEMS control adapter P-HM04WA versions 00.67 and prior
Wi-Fi Interface P-WA01 versions 00.67 and prior
Energy Recovery Ventilator VL-200ZMHSV3-RC versions 00.71 and prior
Smart Switch P-1600SWRC versions 00.90 and prior
Smart Switch P-04SWRC versions 00.90 and prior
Smart Switch P-10SWRC versions 00.90 and prior
Wi-Fi Interface MAC-587IF-E Versions 35.00 and prior
Wi-Fi Interface MAC-587IF2-E Versions 35.00 and prior
Wi-Fi Interface MAC-507IF-E Versions 35.00 and prior
Wi-Fi Interface MAC-588IF-E Versions 35.00 and prior
Wi-Fi Interface S-MAC-002IF Versions 35.00 and prior
Air Conditioning MSXY-FP05/07/10/13/18/20/24VGK-SG1 Versions 35.00 and prior
Air Conditioning MSY-GP10/13/15/18/20/24VFK-SG1 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-E1 Versions 35.00 and prior
Air Conditioning MSZ-AP15/20/25/35/42/50/60/71VGK-E2 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50/60/71VGK-E3 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-E7 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-E8 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-EN1 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-EN2 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-EN3 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-ER1 Versions 35.00 and prior
Air Conditioning MSZ-AP15/20/25/35/42/50/60/71VGK-ER2 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50/60/71VGK-ER3 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50VGK-ET1 Versions 35.00 and prior
Air Conditioning MSZ-AP15/20/25/35/42/50/60/71VGK-ET2 Versions 35.00 and prior
Air Conditioning MSZ-AP25/35/42/50/60/71VGK-ET3 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGK-E1 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGK-E6 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGK-ER1 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGK-ET1 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGK-SC1 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGKP-E6 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGKP-ER1 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGKP-ET1 Versions 35.00 and prior
Air Conditioning MSZ-AY25/35/42/50VGKP-SC1 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-E1 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-E2 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-E3 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-ER1 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-ER2 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-ET1 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-ET2 Versions 35.00 and prior
Air Conditioning MSZ-BT20/25/35/50VGK-ET3 Versions 35.00 and prior
Air Conditioning MSZ-EF18/22/25/35/42/50VGKW-E1 Versions 35.00 and prior
Air Conditioning MSZ-EF18/22/25/35/42/50VGKB-E1 Versions 35.00 and prior
Air Conditioning MSZ-EF18/22/25/35/42/50VGKS-E1 Versions 35.00 and prior
Air Conditioning MSZ-EF18/22/25/35/42/50VGKW-E2 Versions 35.00 and prior
Air Conditioning MSZ-EF18/22/25/35/42/50VGKB-E2 Versions 35.00 and prior
Air Conditioning MSZ-EF18/22/25/35/42/50VGKS-E2 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKW-ER1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKB-ER1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKS-ER1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKW-ER2 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKB-ER2 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKS-ER2 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKW-ET1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKB-ET1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKS-ET1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKW-ET2 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKB-ET2 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKS-ET2 Versions 35.00 and prior
Air Conditioning MSZ-FT25/35/50VGK-E1 Versions 35.00 and prior
Air Conditioning MSZ-FT25/35/50VGK-E2 Versions 35.00 and prior
Air Conditioning MSZ-FT25/35/50VGK-ET1 Versions 35.00 and prior
Air Conditioning MSZ-FT25/35/50VGK-SC1 Versions 35.00 and prior
Air Conditioning MSZ-FT25/35/50VGK-SC2 Versions 35.00 and prior
Air Conditioning MSZ-HR25/35/42/50/60/71VFK-E1 Versions 35.00 and prior
Air Conditioning MSZ-HR25/35/42/50VFK-E6 Versions 35.00 and prior
Air Conditioning MSZ-HR25/35/42/50/60/71VFK-ER1 Versions 35.00 and prior
Air Conditioning MSZ-HR25/35/42/50/60/71VFK-ET1 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2W-E2 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2W-E3 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50VG2W-EN2 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2W-ER2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2W-ER3 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2W-ET2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2W-ET3 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2V-E2 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2V-E3 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50VG2V-EN2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2V-ER2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2V-ER3 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2V-ET2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2V-ET3 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2B-E2 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2B-E3 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50VG2B-EN2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2B-ER2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2B-ER3 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2B-ET2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2B-ET3 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2R-E2 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50/60VG2R-E3 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50VG2R-EN2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2R-ER2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2R-ER3 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2R-ET2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2R-ET3 Versions 35.00 and prior
Air Conditioning MSZ-LN18/25/35/50VG2W-SC1 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50VG2V-SC1 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50VG2B-SC1 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50VG2R-SC1 Versions 35.00 and prior
Air Conditioning MSZ-RW25/35/50VG-E1 Versions 35.00 and prior
Air Conditioning MSZ-RW25/35/50VG-ER1 Versions 35.00 and prior
Air Conditioning MSZ-RW25/35/50VG-ET1 Versions 35.00 and prior
Air Conditioning MSZ-RW25/35/50VG-SC1 Versions 35.00 and prior
Air Conditioning MSZ-AP22/25/35/42/50/61/70/80VGKD-A1 Versions 35.00 and prior
Air Conditioning MSZ-AP22/25/35/42/50/60/71/80VGKD-A2 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKW-A1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKB-A1 Versions 35.00 and prior
Air Conditioning MSZ-EF22/25/35/42/50VGKS-A1 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2V-A2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2B-A2 Versions 35.00 and prior
Air Conditioning MSZ-LN25/35/50/60VG2R-A2 Versions 35.00 and prior
Air Conditioning MFZ-GXT50/60/73VFK Versions 35.00 and prior
Air Conditioning MFZ-XT50/60VFK Versions 35.00 and prior
Air Conditioning MSZ-EZA09/12VAK Versions 35.00 and prior
Air Conditioning MSZ-EXA09/12VAK Versions 35.00 and prior
Air Conditioning MSZ-GZY09/12/18VFK Versions 35.00 and prior
Air Conditioning MSZ-KY09/12/18VFK Versions 35.00 and prior
Air Conditioning MSZ-WX18/20/25VFK Versions 35.00 and prior
Air Conditioning MSZ-ZY09/12/18VFK Versions 35.00 and prior
Air Purifier MA-EW85S-E Versions 80.00 and prior
Air Purifier MA-EW85S-UK Versions 80.00 and prior
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis