ID
VAR-200803-0512
TITLE
Mitsubishi Electric GB-50A remote bypass authentication vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2008-1548
DESCRIPTION
GB-50A is a browser-based management control system for Mitsubishi central air-conditioning systems. GB-50A has a vulnerability in implementing the authentication mechanism, and remote attackers may use this vulnerability to unauthorizedly operate the air conditioner. The GB-50A Web controller uses a set of Java applets for its own interaction, and the communication between these applets uses a series of unauthenticated or encrypted xml messages. Can perform various unauthorized operations, including turning on or off the air conditioner or setting the temperature at will.
Trust: 0.6
sources:
CNVD: CNVD-2008-1548
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2008-1548
AFFECTED PRODUCTS
| vendor: | none | model: | - | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2008-1548
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2008-1548 | Trust: 0.6 |
sources:
CNVD: CNVD-2008-1548
SOURCES
| db: | CNVD | id: | CNVD-2008-1548 |
LAST UPDATE DATE
2022-05-04T09:31:12.059000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2008-1548 | date: | 2008-03-24T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2008-1548 | date: | 2008-03-22T00:00:00 |