Nozomi Networks Labs

Vulnerability Advisories

Mitsubishi Electric GX Works3 Insufficiently Protected Credentials – CVE-2022-29833

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access to MELSEC safety CPU modules illegally.

Mitsubishi Electric GX Works3 Cleartext Storage of Sensitive Information in Memory – CVE-2022-29832

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules.

Mitsubishi Electric GX Works3 Use of Hard-coded Password – CVE-2022-29831

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules.

Lanner IAC-AST2500A Session Fixation and Insufficient Session Expiration – CVE-2021-46279

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Lanner IAC-AST2500A Username Enumeration – CVE-2021-45925

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Lanner IAC-AST2500A TLS Certificate Generation Function Improper Input Validation – CVE-2021-44769

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Lanner IAC-AST2500A spx_restservice KillDupUsr_func Broken Access Control – CVE-2021-44467

A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Lanner IAC-AST2500A spx_restservice SubNet_handler_func Broken Access Control – CVE-2021-44776

A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Lanner IAC-AST2500A spx_restservice FirstReset_handler_func Broken Access Control – CVE-2021-26733

A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Threat Intelligence

Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.

Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.

Andrea Carcano & Moreno Carullo
Co-founders, Nozomi Networks