Skip to main content

Melsec Iq Fx5U 32Mt Es Firmware CVE-2022-25161

HIGH
Improper Input Validation (CWE-20)
2022-05-18 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Information Disclosure Melsec Iq Fx5U 32Mt Es Firmware Melsec Iq Fx5U 32Mt Ds Firmware Melsec Iq Fx5U 32Mt Ess Firmware Melsec Iq Fx5U 32Mt Dss Firmware Melsec Iq Fx5U 32Mr Es Firmware Melsec Iq Fx5U 32Mr Ds Firmware Melsec Iq Fx5U 32Mr Ess Firmware Melsec Iq Fx5U 32Mr Dss Firmware Melsec Iq Fx5U 64Mt Es Firmware Melsec Iq Fx5U 64Mt Ds Firmware Melsec Iq Fx5U 64Mt Ess Firmware Melsec Iq Fx5U 64Mt Dss Firmware Melsec Iq Fx5U 64Mr Es Firmware Melsec Iq Fx5U 64Mr Ds Firmware Melsec Iq Fx5U 64Mr Ess Firmware Melsec Iq Fx5U 64Mr Dss Firmware Melsec Iq Fx5U 80Mt Es Firmware Melsec Iq Fx5U 80Mt Ds Firmware Melsec Iq Fx5U 80Mt Ess Firmware Melsec Iq Fx5U 80Mt Dss Firmware Melsec Iq Fx5U 80Mr Es Firmware Melsec Iq Fx5U 80Mr Ds Firmware Melsec Iq Fx5U 80Mr Ess Firmware Melsec Iq Fx5U 80Mr Dss Firmware Melsec Iq Fx5Uc 32Mt Dds Firmware Melsec Iq Fx5Uc 32Mt Ds Firmware Melsec Iq Fx5Uc 32Mr Dds Firmware Melsec Iq Fx5Uc 32Mr Ds Firmware Melsec Iq Fx5Uc 64Mt Dds Firmware Melsec Iq Fx5Uc 64Mt Ds Firmware Melsec Iq Fx5Uc 64Mr Dds Firmware Melsec Iq Fx5Uc 64Mr Ds Firmware Melsec Iq Fx5Uc 96Mt Dds Firmware Melsec Iq Fx5Uc 96Mt Ds Firmware Melsec Iq Fx5Uc 96Mr Dds Firmware Melsec Iq Fx5Uc 96Mr Ds Firmware Melsec Iq Fx5Uc 32Mt Ds Ts Firmware Melsec Iq Fx5Uc 32Mt Dss Ts Firmware Melsec Iq Fx5Uc 32Mr Ds Ts Firmware Melsec Iq Fx5Uj 24Mt Es Firmware Melsec Iq Fx5Uj 24Mt Ess Firmware Melsec Iq Fx5Uj 24Mr Es Firmware Melsec Iq Fx5Uj 24Mr Ess Firmware Melsec Iq Fx5Uj 40Mt Es Firmware Melsec Iq Fx5Uj 40Mt Ess Firmware Melsec Iq Fx5Uj 40Mr Es Firmware Melsec Iq Fx5Uj 40Mr Ess Firmware Melsec Iq Fx5Uj 60Mt Es Firmware Melsec Iq Fx5Uj 60Mt Ess Firmware Melsec Iq Fx5Uj 60Mr Es Firmware Melsec Iq Fx5Uj 60Mr Ess Firmware Melsec Iq Fx5Uj 24Mt Es A Firmware Melsec Iq Fx5Uj 24Mr Es A Firmware Melsec Iq Fx5Uj 40Mt Es A Firmware Melsec Iq Fx5Uj 40Mr Es A Firmware Melsec Iq Fx5Uj 60Mt Es A Firmware Melsec Iq Fx5Uj 60Mr Es A Firmware Melsec Iq Fx5S 30Mt Es Firmware Melsec Iq Fx5S 30Mt Ess Firmware Melsec Iq Fx5S 30Mr Es Firmware Melsec Iq Fx5S 30Mr Ess Firmware Melsec Iq Fx5S 40Mt Es Firmware Melsec Iq Fx5S 40Mt Ess Firmware Melsec Iq Fx5S 40Mr Es Firmware Melsec Iq Fx5S 40Mr Ess Firmware Melsec Iq Fx5S 60Mt Es Firmware Melsec Iq Fx5S 60Mt Ess Firmware Melsec Iq Fx5S 60Mr Es Firmware Melsec Iq Fx5S 60Mr Ess Firmware Melsec Iq Fx5S 80Mt Es Firmware Melsec Iq Fx5S 80Mt Ess Firmware Melsec Iq Fx5S 80Mr Es Firmware Melsec Iq Fx5S 80Mr Ess Firmware
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 18, 2022 - 17:15 nvd
HIGH 8.6

DescriptionNVD

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179 and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

AnalysisAI

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179 and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery. Affected products include: Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Es Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Ds Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Ess Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Dss Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mr\/Es Firmware. Version information: prior to 1.270.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-25161 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy