Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number 24061 or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number 24061 or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version 08 or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500799);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-25163");
script_name(english:"Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R Improper Input Validation (CVE-2022-25163)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Improper Input Validation vulnerability in Mitsubishi Electric
MELSEC-Q Series QJ71E71-100 first 5 digits of serial number 24061 or
prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits
of serial number 24061 or prior and Mitsubishi Electric MELSEC iQ-R
Series RD81MES96N firmware version 08 or prior allows a remote
unauthenticated attacker to cause a denial of service (DoS) condition
or execute malicious code on the target products by sending specially
crafted packets.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8ccb8d8a");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU92561747/index.html");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-165-03");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric has fixed this vulnerability in the following products:
- MELSEC-Q Series QJ71E71-100: First five digits of serial number 24062 and later
- MELSEC-L Series LJ71E71-100: First five digits of serial number 24062 and later
- MELSEC iQ-R Series RD81MES96N: firmware Version 09 and later
For more information on how to patch individual systems, please contact Mitsubishi Electric support.
If updating to a fixed version is not possible, Mitsubishi Electric recommends users take the following mitigations to
minimize risk:
- Use a firewall, virtual private network (VPN), web application firewall (WAF), etc. to prevent unauthorized access
when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-25163");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/02");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/13");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishi:melsec_iq-r_rd81mes96n_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishi:melsec_lj71e71-100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishi:melsec_qj71e71-100_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishi:melsec_iq-r_rd81mes96n_firmware" :
{"versionEndExcluding" : "09", "family" : "MELSECiQRCP"},
"cpe:/o:mitsubishi:melsec_qj71e71-100_firmware" :
{"versionEndExcluding" : "24062", "family" : "MELSECQ"},
"cpe:/o:mitsubishi:melsec_lj71e71-100_firmware" :
{"versionEndExcluding" : "24062", "family" : "MELSECL"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
mitsubishi | melsec_iq-r_rd81mes96n_firmware | cpe:/o:mitsubishi:melsec_iq-r_rd81mes96n_firmware | |
mitsubishi | melsec_lj71e71-100_firmware | cpe:/o:mitsubishi:melsec_lj71e71-100_firmware | |
mitsubishi | melsec_qj71e71-100_firmware | cpe:/o:mitsubishi:melsec_qj71e71-100_firmware |