Lucene search

[email protected]NVD:CVE-2022-33324

HistoryDec 23, 2022 - 3:15 a.m.

CVE-2022-33324

2022-12-2303:15:08

CWE-404

[email protected]

web.nvd.nist.gov

mitsubishi electric

melsec

iq-r series

iq-l series

melipc

denial of service

ethernet communication

firmware vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

51.8%

JSON

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions “32” and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions “65” and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions “29” and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions “17” and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions “07” and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Affected configurations

NVD

Node

mitsubishimelsec_iq-r_r00_cpuMatch-

AND

mitsubishimelsec_iq-r_r00_cpu_firmwareRange<33.0

Node

mitsubishimelsec_iq-r_r01_cpuMatch-

AND

mitsubishimelsec_iq-r_r01_cpu_firmwareRange<33.0

Node

mitsubishimelsec_iq-r_r02_cpuMatch-

AND

mitsubishimelsec_iq-r_r02_cpu_firmwareRange<33.0

Node

mitsubishimelsec_iq-r_r04_cpuMatch-

AND

mitsubishimelsec_iq-r_r04_cpu_firmwareRange<66.0

Node

mitsubishimelsec_iq-r_r08_cpuMatch-

AND

mitsubishimelsec_iq-r_r08_cpu_firmwareRange<66.0

Node

mitsubishimelsec_iq-r_r16_cpuMatch-

AND

mitsubishimelsec_iq-r_r16_cpu_firmwareRange<66.0

Node

mitsubishimelsec_iq-r_r32_cpuMatch-

AND

mitsubishimelsec_iq-r_r32_cpu_firmwareRange<66.0

Node

mitsubishimelsec_iq-r_r120_cpuMatch-

AND

mitsubishimelsec_iq-r_r120_cpu_firmwareRange<66.0

Node

mitsubishimelsec_iq-r_r04_sfcpu_firmware

AND

mitsubishimelsec_iq-r_r04_sfcpuMatch-

Node

mitsubishimelsec_iq-r_r08_sfcpu_firmware

AND

mitsubishimelsec_iq-r_r08_sfcpuMatch-

Node

mitsubishimelsec_iq-r_r120_sfcpu_firmware

AND

mitsubishimelsec_iq-r_r120_sfcpuMatch-

Node

mitsubishimelsec_iq-r_r16_sfcpu_firmware

AND

mitsubishimelsec_iq-r_r16_sfcpuMatch-

Node

mitsubishimelsec_iq-r_r32_sfcpu_firmware

AND

mitsubishimelsec_iq-r_r32_sfcpuMatch-

Node

mitsubishimelsec_iq-r_r12_ccpu-v_firmware

AND

mitsubishimelsec_iq-r_r12_ccpu-vMatch-

Node

mitsubishimelipc_mi5122-vw_firmware

AND

mitsubishimelipc_mi5122-vwMatch-

Node

mitsubishimelsec_iq-l_l04_hcpu_firmware

AND

mitsubishimelsec_iq-l_l04_hcpuMatch-

Node

mitsubishimelsec_iq-l_l08_hcpu_firmware

AND

mitsubishimelsec_iq-l_l08_hcpuMatch-

Node

mitsubishimelsec_iq-l_l16_hcpu_firmware

AND

mitsubishimelsec_iq-l_l16_hcpuMatch-

Node

mitsubishimelsec_iq-l_l32_hcpu_firmware

AND

mitsubishimelsec_iq-l_l32_hcpuMatch-

References

jvn.jp/vu/JVNVU96883262

www.cisa.gov/uscert/ics/advisories/icsa-22-356-03

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for NVD:CVE-2022-33324

nessus1 ics1 cve1 cvelist1 prion1