CVE-2022-25163 - OpenCVE

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mitsubishi	Melsec Lj71e71-100 Melsec Qj71e71-100 Firmware Melsec Lj71e71-100 Firmware Melsec Iq-r Rd81mes96n Firmware Melsec Iq-r Rd81mes96n
Mistubishi	Melsec Qj71e71-100

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_rd81mes96n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_rd81mes96n:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishi:melsec_qj71e71-100_firmware:*:*:*:*:*:*:*:f

cpe:2.3:h:mistubishi:melsec_qj71e71-100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishi:melsec_lj71e71-100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_lj71e71-100:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/vu/JVNVU92561747/index.html	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2022-06-02T16:54:11

Updated: 2022-06-02T16:54:11

Reserved: 2022-02-14T00:00:00

Link: CVE-2022-25163

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-02T18:15:09.527

Modified: 2022-06-17T14:26:55.340

Link: CVE-2022-25163

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100; Mitsubishi Electric MELSEC-L series LJ71E71-100; Mitsubishi Electric MELSEC iQ-R Series RD81MES96N", "vendor": "n/a", "versions": [{"status": "affected", "version": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior"}, {"status": "affected", "version": "Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets."}], "problemTypes": [{"descriptions": [{"description": "Improper Input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-02T16:54:11", "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/vu/JVNVU92561747/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "ID": "CVE-2022-25163", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100; Mitsubishi Electric MELSEC-L series LJ71E71-100; Mitsubishi Electric MELSEC iQ-R Series RD81MES96N", "version": {"version_data": [{"version_value": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior"}, {"version_value": "Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior"}, {"version_value": "Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf", "refsource": "MISC", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf"}, {"name": "https://jvn.jp/vu/JVNVU92561747/index.html", "refsource": "MISC", "url": "https://jvn.jp/vu/JVNVU92561747/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "assignerShortName": "Mitsubishi", "cveId": "CVE-2022-25163", "datePublished": "2022-06-02T16:54:11", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2022-06-02T16:54:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_rd81mes96n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEED33FF-797E-483C-9425-BC2E1C61BA8D", "versionEndExcluding": "09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_rd81mes96n:-:*:*:*:*:*:*:*", "matchCriteriaId": "0645C132-7D68-4F30-B307-BE374C05078C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_qj71e71-100_firmware:*:*:*:*:*:*:*:f", "matchCriteriaId": "AB9663B8-FB95-43B6-8D43-66E2E6D58D34", "versionEndExcluding": "24062", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mistubishi:melsec_qj71e71-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB6F085D-9389-4C55-8648-1319D9B324DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_lj71e71-100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCCFACB4-9F1C-47AA-AD21-75B18F5E37DB", "versionEndExcluding": "24062", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_lj71e71-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "4366844C-D226-4C08-9911-BB699216224F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Mitsubishi Electric MELSEC-Q Series QJ71E71-100 primeros 5 d\u00edgitos del n\u00famero de serie \"24061\" o anterior, Mitsubishi Electric MELSEC-L series LJ71E71-100 primeros 5 d\u00edgitos del n\u00famero de serie \"24061\" o anterior y Mitsubishi Electric MELSEC iQ-R Series RD81MES96N versi\u00f3n de firmware \"08\" o anterior permite a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo malicioso en los productos de destino mediante el env\u00edo de paquetes especialmente dise\u00f1ados"}], "id": "CVE-2022-25163", "lastModified": "2022-06-17T14:26:55.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-02T18:15:09.527", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU92561747/index.html"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}