Melsec Iq R R00 Cpu Firmware
CVE-2022-33324
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.
AnalysisAI
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-404. Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery. Affected products include: Mitsubishi Melsec Iq-R R00 Cpu Firmware, Mitsubishi Melsec Iq-R R01 Cpu Firmware, Mitsubishi Melsec Iq-R R02 Cpu Firmware, Mitsubishi Melsec Iq-R R04 Cpu Firmware, Mitsubishi Melsec Iq-R R08 Cpu Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Melsec Iq R R00 Cpu Firmware
View allImproper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/0
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Seri
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today