Details of VAR-202211-0444

ID

VAR-202211-0444

CVE

CVE-2022-33322

TITLE

Mitsubishi Electric consumer electronics products Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202211-2339

DESCRIPTION

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

Trust: 1.0

sources: NVD: CVE-2022-33322

IOT TAXONOMY

category:

['home & office device']

sub_category:

smart home device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgkp-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ft25\/35\/50vgk-sc2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkb-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef18\/22\/25\/35\/42\/50vgks-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap15\/20\/25\/35\/42\/50\/60\/71vgk-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-e7	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50\/60\/71vgk-et3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-e3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkw-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap15\/20\/25\/35\/42\/50\/60\/71vgk-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-hr25\/35\/42\/50\/60\/71vfk-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap22\/25\/35\/42\/50\/60\/71\/80vgkd-a2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2r-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2v-et3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-exa09\/12vak	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50\/60\/71vgk-e3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2b-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50\/60\/71vgk-er3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-en2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkb-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef18\/22\/25\/35\/42\/50vgkb-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2v-er3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ky09\/12\/18vfk	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkb-a1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-e8	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msy-gp10\/13\/15\/18\/20\/24vfk-sg1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkb-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2r-er3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50vg2b-en2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkb-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-en3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef18\/22\/25\/35\/42\/50vgks-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-hr25\/35\/42\/50\/60\/71vfk-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2w-e3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap15\/20\/25\/35\/42\/50\/60\/71vgk-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgk-sc1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2r-e3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2r-a2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-rw25\/35\/50vg-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-rw25\/35\/50vg-sc1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2b-e3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2w-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgks-a1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ft25\/35\/50vgk-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	mac-588if-e	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgkp-sc1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	mfz-gxt50\/60\/73vfk	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2v-e3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-et3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-en1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-gzy09\/12\/18vfk	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef18\/22\/25\/35\/42\/50vgkb-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgkp-e6	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgk-e6	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgks-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	ma-ew85s-e	scope:	lte	version:	80.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2r-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2b-et3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2r-et3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2v-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	mac-587if2-e	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkw-a1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2b-er3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkw-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2b-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2b-a2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50vg2v-sc1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-wx18\/20\/25vfk	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-zy09\/12\/18vfk	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	mfz-xt50\/60vfk	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgk-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2r-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-eza09\/12vak	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2v-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	ma-ew85s-uk	scope:	lte	version:	80.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2b-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgk-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkw-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ft25\/35\/50vgk-sc1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50vg2w-sc1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msxy-fp05\/07\/10\/13\/18\/20\/24vgk-sg1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ft25\/35\/50vgk-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2w-et3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-rw25\/35\/50vg-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-hr25\/35\/42\/50vfk-e6	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2w-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgk-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	mac-507if-e	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ay25\/35\/42\/50vgkp-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2v-a2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2w-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap22\/25\/35\/42\/50\/61\/70\/80vgkd-a1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50\/60vg2w-er3	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50vg2w-en2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-rw25\/35\/50vg-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgkw-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-hr25\/35\/42\/50\/60\/71vfk-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	mac-587if-e	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-er1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50vg2r-en2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgks-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50vg2v-en2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef18\/22\/25\/35\/42\/50vgkw-e1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgks-et2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	s-mac-002if	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ap25\/35\/42\/50vgk-et1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ft25\/35\/50vgk-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln18\/25\/35\/50\/60vg2v-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-bt20\/25\/35\/50vgk-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef18\/22\/25\/35\/42\/50vgkw-e2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50vg2r-sc1	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ef22\/25\/35\/42\/50vgks-er2	scope:	lte	version:	35.00	Trust: 1.0
vendor:	mitsubishielectric	model:	msz-ln25\/35\/50vg2b-sc1	scope:	lte	version:	35.00	Trust: 1.0

sources: NVD: CVE-2022-33322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33322
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-33322
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202211-2339
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-33322
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 2.0

sources: CNNVD: CNNVD-202211-2339 // NVD: CVE-2022-33322 // NVD: CVE-2022-33322

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2022-33322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2339

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202211-2339

PATCH

title:

Mitsubishi Electric consumer electronics products Fixes for cross-site scripting vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=214622

Trust: 0.6

sources: CNNVD: CNNVD-202211-2339

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33322	Trust: 1.7
db:	JVN	id:	JVNVU96767562	Trust: 1.6
db:	CNNVD	id:	CNNVD-202211-2339	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // CNNVD: CNNVD-202211-2339 // NVD: CVE-2022-33322

REFERENCES

url:	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdf	Trust: 1.6
url:	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdf	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu96767562/index.html	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2022-33322/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNNVD: CNNVD-202211-2339 // NVD: CVE-2022-33322

SOURCES

db:	OTHER	id:	-
db:	CNNVD	id:	CNNVD-202211-2339
db:	NVD	id:	CVE-2022-33322

LAST UPDATE DATE

2025-05-01T21:19:20.047000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202211-2339	date:	2022-11-23T00:00:00
db:	NVD	id:	CVE-2022-33322	date:	2025-05-01T15:15:55.120

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202211-2339	date:	2022-11-08T00:00:00
db:	NVD	id:	CVE-2022-33322	date:	2022-11-08T20:15:11.017