← Back to home
ICSA-22-160-01  ·  Published 2022-06-09  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric Air Conditioning Systems

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to disclose or tamper data in communication between the air conditioning system and the external computers or cause a denial-of-service condition.

CVEs (5)

Remediations

  • G-150AD: Replace the air conditioning systems to AE-200J, AE-50J or EW-50J Version 7.98 or later
  • AG-150A-A: Replace the air conditioning systems to AE-200A, AE-50A or EW-50A Version 7.98 or later
  • AG-150A-J: Replace the air conditioning systems to AE-200E, AE-50E or EW-50E Version 7.98 or later
  • GB-50AD: Replace the air conditioning systems to AE-200J, AE-50J or EW-50J Version 7.98 or later
  • GB-50ADA-A: Replace the air conditioning systems to AE-200A, AE-50A or EW-50A Version 7.98 or later
  • GB-50ADA-J: Replace the air conditioning systems to AE-200E, AE-50E or EW-50E Version 7.98 or later
  • EB-50GU-A: Update to Version 7.11 or later
  • EB-50GU-J: Update to Version 7.11 or later
  • AE-200J: Update to Version 7.98 or later
  • AE-200A: Update to Version 7.98 or later
  • AE-200E: Update to Version 7.98 or later
  • AE-50J: Update to Version 7.98 or later
  • AE-50A: Update to Version 7.98 or later
  • AE-50E: Update to Version 7.98 or later
  • EW-50J: Update to Version 7.98 or later
  • EW-50A: Update to Version 7.98 or later
  • EW-50E: Update to Version 7.98 or later
  • TE-200A: Update to Version 7.98 or later
  • TE-50A: Update to Version 7.98 or later
  • TW-50A: Update to Version 7.98 or later
  • To minimize the risk of these vulnerabilities being exploited, please make sure air conditioning systems are properly configured as recommended by Mitsubishi Electric. Mitsubishi Electric recommends taking the following mitigation measures:
  • Restrict the access to air conditioning systems from untrusted networks and hosts.
  • Use an anti-virus software and update the OS and the web browser to the latest version on your computer to connect your air conditioning system.
  • See Mitsubishi Electric's security bulletin for more information.

Affected Vendors

Mitsubishi Electric

Affected Products (20)

Mitsubishi Electric · AE-200A <= 7.97
Mitsubishi Electric · AE-200E <= 7.97
Mitsubishi Electric · AE-200J <= 7.97
Mitsubishi Electric · AE-50A <= 7.97
Mitsubishi Electric · AE-50E <= 7.97
Mitsubishi Electric · AE-50J <= 7.97
Mitsubishi Electric · AG-150A-A <= 3.21
Mitsubishi Electric · AG-150A-J <= 3.21
Mitsubishi Electric · EB-50GU-A <= 7.10
Mitsubishi Electric · EB-50GU-J <= 7.10
Mitsubishi Electric · EW-50A <= 7.97
Mitsubishi Electric · EW-50E <= 7.97
Mitsubishi Electric · EW-50J <= 7.97
Mitsubishi Electric · G-150AD <= 3.21
Mitsubishi Electric · GB-50AD <= 3.21
Mitsubishi Electric · GB-50ADA-A <= 3.21
Mitsubishi Electric · GB-50ADA-J <= 3.21
Mitsubishi Electric · TE-200A <= 7.97
Mitsubishi Electric · TE-50A <= 7.97
Mitsubishi Electric · TW-50A <= 7.97

Affected Sectors

Commercial Facilities

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more