Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ptsecurityPositive TechnologiesPT-2021-15
HistoryDec 15, 2021 - 12:00 a.m.

PT-2021-15: Denial of Service when Processing File with Incorrect Header Content in FX5U(C) CPU and FX5UJ CPU modules

2021-12-1500:00:00
Positive Technologies
www.ptsecurity.com
11
vulnerability
denial of service
fx5u(c)
fx5uj
mitsubishi electric
processing file
incorrect header content

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

51.5%

JSON

PT-2021-15: Denial of Service when Processing File with Incorrect Header Content in FX5U© CPU and FX5UJ CPU modules

FX5U© CPU and FX5UJ CPU modules

Severity level

Severity level: Medium
Impact: Denial of Service when Processing File with Incorrect Header Content in FX5U© CPU and FX5UJ CPU modules
Access Vector: Remote

CVSS v3.0
Base Score: 5,3
Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVE-2022-25162

Vulnerability description:

The vulnerability of the FX5U© CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with processing file with incorrect header content. Exploitation of the vulnerability allows an attacker to implement a Denial of Service when creating a file with a nonstandard structure and writing an incorrect header to it.

Advisory status

15.12.2021 - Vendor gets vulnerability details
17.05.2022 - Security advisory publication date (<https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf&gt;)

Credits

The vulnerability was detected by Anton Dorfman (Positive Technologies)

Related

prion 1
nessus 1
nvd 1
cvelist 1
cve 1
ics 2
prion
prion
Input validation
2022-05-18 17:15:00
nessus
nessus
Mitsubishi Electric MELSEC iQ-F Series Improper Input Validation (CVE-2022-25162)
2022-06-07 00:00:00
nvd
nvd
CVE-2022-25162
2022-05-18 17:15:08
cvelist
cvelist
CVE-2022-25162
2022-05-18 16:34:50
cve
cve
CVE-2022-25162
2022-05-18 17:15:08
ics
ics
Mitsubishi Electric MELSEC iQ-F Series (Update A)
2022-06-06 12:00:00
Mitsubishi Electric MELSEC iQ-F Series (Update B)
2023-02-28 12:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

51.5%

JSON
Related for PT-2021-15
prion1nessus1nvd1cvelist1cve1ics2