Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MITSUBISHI_CVE-2022-33324.NASL
HistoryMar 23, 2023 - 12:00 a.m.

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series Improper Resource Shutdown or Release (CVE-2022-33324)

2023-03-2300:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
mitsubishi electric
melsec iq-r
melipc
improper resource shutdown
cve-2022-33324
denial of service
ethernet communication
tenable.ot

EPSS

0.002

Percentile

57.8%

JSON

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 65 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions 29 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions 17 and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500897);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-33324");

  script_name(english:"Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series Improper Resource Shutdown or Release (CVE-2022-33324)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Improper Resource Shutdown or Release vulnerability in Mitsubishi
Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions
32 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series
R04/08/16/32/120(EN)CPU Firmware versions 65 and prior, Mitsubishi
Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware
versions 29 and prior, Mitsubishi Electric Corporation MELSEC iQ-R
Series R12CCPU-V Firmware versions 17 and prior, Mitsubishi Electric
Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and
Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions
allows a remote unauthenticated attacker to cause a Denial of Service
condition in Ethernet communication on the module by sending specially
crafted packets. A system reset of the module is required for
recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03");
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?88cf0962");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU96883262");
  script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Mitsubishi Electric fixed the following products (and plans future fixes for affected products): 

- MELSEC iQ-R Series R00/01/02CPU: Update to firmware versions "33" or later
- MELSEC iQ-R Series R04/08/16/32/120(EN)CPU: Update to firmware versions "66" or later 

- MELSEC iQ-R Series R08/16/32/120SFCPU: Update to firmware versions "30" or later 

Mitsubishi Electric recommends users take mitigation measures to minimize the risk of exploiting this vulnerability:

- Use a firewall, virtual private network (VPN), or other means to prevent unauthorized access when internet access is
required.
- Use the product inside a local area network (LAN) and use firewalls to block access from untrusted networks and hosts.
- Use an IP filter function to block access from untrusted hosts. For details on the remote password function and IP
filter function, users can refer to the following manual for each product:
    - MELSEC iQ-R Ethernet Userรขย€ย™s Manual (Application) 1.13 Security "IP filter."
    - MELSEC iQ-L CPU module Userรขย€ย™s Manual (Application) 24.1 "IP filter Function."
    - MELSEC iQ-R C Controller Module User\'s Manual (Application) 6.6 Security Function "IP filter."
    - MELIPC MI5000 Series User\'s Manual (Application) "11.3 IP Filter Function."

For specific update instructions and additional details, see the Mitsubishi Electric advisory.');
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-33324");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(404);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishi:melsec_iq-r_r00_cpu_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Mitsubishi');

var asset = tenable_ot::assets::get(vendor:'Mitsubishi');

var vuln_cpes = {
    "cpe:/o:mitsubishi:melsec_iq-r_r00_cpu_firmware" :
        {"versionEndExcluding" : "33.0", "family" : "MELSECiQR"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Related

nvd 1
ics 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2022-33324
2022-12-23 03:15:08
ics
ics
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update E)
2024-09-05 12:00:00
prion
prion
Design/Logic Flaw
2022-12-23 03:15:00
cvelist
cvelist
CVE-2022-33324 Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series
2022-12-23 02:24:15
cve
cve
CVE-2022-33324
2022-12-23 03:15:08

EPSS

0.002

Percentile

57.8%

JSON
Related for TENABLE_OT_MITSUBISHI_CVE-2022-33324.NASL
nvd1ics1prion1cvelist1cve1