CVE-2022-33323 HIGH

CVE-2022-33323: Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series

Vendor Mitsubishi Electric Corporation
Product MELFA SD/SQ Series Controller CR1DA-771 of RV-2SD
Weakness CWE-489
Published February 2, 2023
Last update March 26, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

Key dates

02Disclosure timeline

February 2, 2023 CVE published
March 26, 2025 Record updated