CVE-2022-25163

EUVD-2022-29906

02.06.2022, 18:15

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Affected Products (NVD)

Vendor	Product	Version
mitsubishi	melsec_iq-r_rd81mes96n_firmware	𝑥 < 09
mitsubishi	melsec_qj71e71-100_firmware	𝑥 < 24062
mitsubishi	melsec_lj71e71-100_firmware	𝑥 < 24062

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://jvn.jp/vu/JVNVU92561747/index.html

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf

https://jvn.jp/vu/JVNVU92561747/index.html

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf