Mitsubishi Electric Air Conditioning System

Risk Summary

An attacker could exploit this vulnerability by impersonating administrators to disclose configuration information of the air conditioning system in order to tamper with operation information and system configuration.

CVEs (1)

Remediations

• G-50A: Version 3.37 or later
• GB-50A: Version 3.37 or later
• AG-150A-A: Version 3.21 or later
• AG-150A-J: Version 3.21 or later
• GB-50ADA-A: Version 3.21 or later
• GB-50ADA-J: Version 3.21 or later
• EB-50GU-A: Version 7.10 or later
• EB-50GU-J: Version 7.10 or later
• AE-200A: Version 7.95 or later
• AE-200E: Version 7.95 or later
• AE-50A: Version 7.95 or later
• AE-50E: Version 7.95 or later
• EW-50A: Version 7.95 or later
• EW-50E: Version 7.95 or later
• TE-200A: Version 7.95 or later
• TE-50A: Version 7.95 or later
• TW-50A: Version 7.95 or later
• CMS-RMD-J: Version 1.40 or later
• PAC-YG50ECA: Version 2.21 or later
• Use a VPN router, etc. when connecting the air conditioning system to the Internet.
• Use an antivirus software computer on systems used to connect conditioning systems.
• Restrict the access to air conditioning systems from untrusted networks and hosts.
• Change default usernames and passwords.
• Please contact a distributor or Mitsubishi Electric representative for available updates.

Affected Vendors

Affected Products (19)

Affected Sectors

Commercial Facilities