N/A

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

关键功能的认证机制缺失

Mitsubishi Electric多款产品 访问控制错误漏洞

Mitsubishi Electric G-50等都是日本三菱电机（Mitsubishi Electric）公司的一款空调集中控制器。 Mitsubishi Electric多款产品存在访问控制错误漏洞，该漏洞源于缺少关键功能身份验证，可能导致非法控制空调系统或信息泄露。以下产品和版本受到影响：G-50 3.37及之前版本、G-50-W 3.37及之前版本、G-50A 3.37及之前版本、GB-50 3.37及之前版本、GB-50A 3.37及之前版本、GB-24A 9.12及之前版本、G-150AD 3

N/A

N/A