Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-24946
HistoryJun 15, 2022 - 9:15 p.m.

CVE-2022-24946

2022-06-1521:15:09
CWE-667
[email protected]
web.nvd.nist.gov
46
7
vulnerability
mitsubishi electric
melsec
dos
ethernet
communication
security
firmware
cve-2022-24946

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

69.2%

JSON

Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions “16” and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. “24061” and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the first 5 digits of serial No. “24061” and prior, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number “24051” and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number “24051” and prior, Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V all versions, Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G) all versions, Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS all versions, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number “24051” and prior, Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number “24051” and prior and Mitsubishi Electric MELIPC Series MI5122-VW firmware versions “05” and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery.

Affected configurations

NVD
Node
mitsubishielectricq03udecpu_firmwareMatch-
AND
mitsubishielectricq03udecpuMatch-
Node
mitsubishielectricq04udehcpu_firmwareMatch-
AND
mitsubishielectricq04udehcpuMatch-
Node
mitsubishielectricq04udpvcpu_firmwareMatch-
AND
mitsubishielectricq04udpvcpuMatch-
Node
mitsubishielectricq04udvcpu_firmwareMatch-
AND
mitsubishielectricq04udvcpuMatch-
Node
mitsubishielectricq100udehcpu_firmwareMatch-
AND
mitsubishielectricq100udehcpuMatch-
Node
mitsubishielectricq50udehcpu_firmwareMatch-
AND
mitsubishielectricq50udehcpuMatch-
Node
mitsubishielectricq26dhccpu-ls_firmwareMatch-
AND
mitsubishielectricq26dhccpu-lsMatch-
Node
mitsubishielectricq26udehcpu_firmwareMatch-
AND
mitsubishielectricq26udehcpuMatch-
Node
mitsubishielectricq26udpvcpu_firmwareMatch-
AND
mitsubishielectricq26udpvcpuMatch-
Node
mitsubishielectricq26udvcpu_firmwareMatch-
AND
mitsubishielectricq26udvcpuMatch-
Node
mitsubishielectricq20udehcpu_firmwareMatch-
AND
mitsubishielectricq20udehcpuMatch-
Node
mitsubishielectricq13udehcpu_firmwareMatch-
AND
mitsubishielectricq13udehcpuMatch-
Node
mitsubishielectricq13udpvcpu_firmwareMatch-
AND
mitsubishielectricq13udpvcpuMatch-
Node
mitsubishielectricq13udvcpu_firmwareMatch-
AND
mitsubishielectricq13udvcpuMatch-
Node
mitsubishielectricq10udehcpu_firmwareMatch-
AND
mitsubishielectricq10udehcpuMatch-
Node
mitsubishielectricq06ccpu-v_firmwareMatch-
AND
mitsubishielectricq06ccpu-vMatch-
Node
mitsubishielectricq06phcpu_firmwareMatch-
AND
mitsubishielectricq06phcpuMatch-
Node
mitsubishielectricq06udehcpu_firmwareMatch-
AND
mitsubishielectricq06udehcpuMatch-
Node
mitsubishielectricq06udpvcpu_firmwareMatch-
AND
mitsubishielectricq06udpvcpuMatch-
Node
mitsubishielectricq06udvcpu_firmwareMatch-
AND
mitsubishielectricq06udvcpuMatch-
Node
mitsubishielectricl02cpu_firmwareMatch-
AND
mitsubishielectricl02cpuMatch-
Node
mitsubishielectricl02cpu-p_firmwareMatch-
AND
mitsubishielectricl02cpu-pMatch-
Node
mitsubishielectricl02scpu_firmwareMatch-
AND
mitsubishielectricl02scpuMatch-
Node
mitsubishielectricl02scpu-p_firmwareMatch-
AND
mitsubishielectricl02scpu-pMatch-
Node
mitsubishielectricl06cpu_firmwareMatch-
AND
mitsubishielectricl06cpuMatch-
Node
mitsubishielectricl06cpu-p_firmwareMatch-
AND
mitsubishielectricl06cpu-pMatch-
Node
mitsubishielectricl26cpu_firmwareMatch-
AND
mitsubishielectricl26cpuMatch-
Node
mitsubishielectricl26cpu-\(p\)bt_firmwareMatch-
AND
mitsubishielectricl26cpu-\(p\)btMatch-
Node
mitsubishielectricl26cpu-bt_firmwareMatch-
AND
mitsubishielectricl26cpu-btMatch-
Node
mitsubishielectricl26cpu-bt-cm_firmwareMatch-
AND
mitsubishielectricl26cpu-bt-cmMatch-
Node
mitsubishielectricl26cpu-p_firmwareMatch-
AND
mitsubishielectricl26cpu-pMatch-
Node
mitsubishielectricl26cpu-pbt_firmwareMatch-
AND
mitsubishielectricl26cpu-pbtMatch-

CNA Affected

[
  {
    "product": "Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V; Mitsubishi Electric MELSEC-Q Series Q03UDECPU; Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V; Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G); Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS; Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC-L series L26CPU-(P)BT; Mitsubishi Electric MELIPC Series MI5122-VW",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions \"16\" and prior"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. \"24061\" and prior"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the first 5 digits of serial No. \"24061\" and prior"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number \"24051\" and prior"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number \"24051\" and prior"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V all versions"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G) all versions"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS all versions"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number \"24051\" and prior"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number \"24051\" and prior"
      },
      {
        "status": "affected",
        "version": "Mitsubishi Electric MELIPC Series MI5122-VW firmware versions \"05\" and prior"
      }
    ]
  }
]

Social References

More

Related

nessus 1
nvd 1
ics 1
cvelist 1
cnvd 1
prion 1
nessus
nessus
Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series Improper Resource Locking (CVE-2022-24946)
2022-07-05 00:00:00
nvd
nvd
CVE-2022-24946
2022-06-15 21:15:09
ics
ics
Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)
2024-06-04 12:00:00
cvelist
cvelist
CVE-2022-24946
2022-06-15 20:18:35
cnvd
cnvd
Mitsubishi Electric MELSEC-Q Series Denial of Service Vulnerability
2022-06-17 00:00:00
prion
prion
Design/Logic Flaw
2022-06-15 21:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

69.2%

JSON
Related for CVE-2022-24946
nessus1nvd1ics1cvelist1cnvd1prion1