Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500712);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-40265");
script_name(english:"Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation (CVE-2022-40265)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version
65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version
65 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially
crafted packets. A system reset is required for recovery.
- Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71
Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series
R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated
attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is
required for recovery. (CVE-2022-40265)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU94702422");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-335-01");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b586e1ff");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric has fixed the vulnerability in the following MELSEC iQ-R Series products:
- RJ71EN71: Update firmware version to “66” or later.
- R04/08/16/32/120ENCPU: Update network part firmware version to “66” or later.
Users should refer to the following product manual for instructions to update firmware:
- MELSEC iQ-R Module Configuration Manual “Firmware Update Function.”
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of an unauthenticated
user exploiting this vulnerability:
- Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
- Use the product within a local area network (LAN)
- Block access from untrusted networks and hosts through firewalls.
- Use the IP filter function to restrict the accessible IP addresses.
Note: For using the IP filter function, users should see MELSEC iQ-R Ethernet User’s Manual (Application) Security “IP
filter”
Users can refer to the Mitsubishi Electric advisory for further details.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40265");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/30");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/06");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r04encpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r08encpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r120encpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r16encpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r32encpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rj71en71_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:rj71en71_firmware" :
{"versionEndIncluding" : "65", "family" : "MELSECiQRCP"},
"cpe:/o:mitsubishielectric:r04encpu_firmware" :
{"versionEndIncluding" : "65", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r08encpu_firmware" :
{"versionEndIncluding" : "65", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r16encpu_firmware" :
{"versionEndIncluding" : "65", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r32encpu_firmware" :
{"versionEndIncluding" : "65", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r120encpu_firmware" :
{"versionEndIncluding" : "65", "family" : "MELSECiQR"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
mitsubishielectric | r04encpu_firmware | | cpe:/o:mitsubishielectric:r04encpu_firmware |
mitsubishielectric | r08encpu_firmware | | cpe:/o:mitsubishielectric:r08encpu_firmware |
mitsubishielectric | r120encpu_firmware | | cpe:/o:mitsubishielectric:r120encpu_firmware |
mitsubishielectric | r16encpu_firmware | | cpe:/o:mitsubishielectric:r16encpu_firmware |
mitsubishielectric | r32encpu_firmware | | cpe:/o:mitsubishielectric:r32encpu_firmware |
mitsubishielectric | rj71en71_firmware | | cpe:/o:mitsubishielectric:rj71en71_firmware |