CVE-2022-24296 Information

Description

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior Air Conditioning System AG-150A-A Ver. 3.21 and prior Air Conditioning System AG-150A-J Ver. 3.21 and prior Air Conditioning System GB-50AD Ver. 3.21 and prior Air Conditioning System GB-50ADA-A Ver. 3.21 and prior Air Conditioning System GB-50ADA-J Ver. 3.21 and prior Air Conditioning System EB-50GU-A Ver. 7.10 and prior Air Conditioning System EB-50GU-J Ver. 7.10 and prior Air Conditioning System AE-200J Ver. 7.97 and prior Air Conditioning System AE-200A Ver. 7.97 and prior Air Conditioning System AE-200E Ver. 7.97 and prior Air Conditioning System AE-50J Ver. 7.97 and prior Air Conditioning System AE-50A Ver. 7.97 and prior Air Conditioning System AE-50E Ver. 7.97 and prior Air Conditioning System EW-50J Ver. 7.97 and prior Air Conditioning System EW-50A Ver. 7.97 and prior Air Conditioning System EW-50E Ver. 7.97 and prior Air Conditioning System TE-200A Ver. 7.97 and prior Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.

Reference

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-005_en.pdf https://jvn.jp/vu/JVNVU95298925/index.html https://www.mee.co.jp/psirt/vulnerability/pdf/2022-001.pdf