CVE-2022-33324 - Vulnerability Details - OpenCVE

Description

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Published: 2022-12-23

Score: 7.5 High

EPSS: 1.5% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mitsubishi Electric Corporation

MELSEC iQ-R Series R00CPU

unaffected

Version	Status	Constraints
`Firmware versions "32" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R01CPU

unaffected

Version	Status	Constraints
`Firmware versions "32" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R02CPU

unaffected

Version	Status	Constraints
`Firmware versions "32" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R04CPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R08CPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R16CPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R32CPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R120CPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R04ENCPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R08ENCPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R16ENCPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R32ENCPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R120ENCPU

unaffected

Version	Status	Constraints
`Firmware versions "65" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R08SFCPU

unaffected

Version	Status	Constraints
`Firmware versions "29" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R16SFCPU

unaffected

Version	Status	Constraints
`Firmware versions "29" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R32SFCPU

unaffected

Version	Status	Constraints
`Firmware versions "29" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R120SFCPU

unaffected

Version	Status	Constraints
`Firmware versions "29" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R12CCPU-V

unaffected

Version	Status	Constraints
`Firmware versions "17" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-L Series L04HCPU

unaffected

Version	Status	Constraints
`Firmware versions "05" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-L Series L08HCPU

unaffected

Version	Status	Constraints
`Firmware versions "05" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-L Series L16HCPU

unaffected

Version	Status	Constraints
`Firmware versions "05" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-L Series L32HCPU

unaffected

Version	Status	Constraints
`Firmware versions "05" and prior`	affected	—

Mitsubishi Electric Corporation

MELIPC Series MI5122-VW

unaffected

Version	Status	Constraints
`Firmware versions "07" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R08PSFCPU

unaffected

Version	Status	Constraints
`Firmware versions "08" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R16PSFCPU

unaffected

Version	Status	Constraints
`Firmware versions "08" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R32PSFCPU

unaffected

Version	Status	Constraints
`Firmware versions "08" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC iQ-R Series R120PSFCPU

unaffected

Version	Status	Constraints
`Firmware versions "08" and prior`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r04_sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r04_sfcpu:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melipc_mi5122-vw:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-l_l04_hcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-l_l04_hcpu:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-l_l08_hcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-l_l08_hcpu:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-l_l16_hcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-l_l16_hcpu:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:mitsubishi:melsec_iq-l_l32_hcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishi:melsec_iq-l_l32_hcpu:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-36367	Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01467.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://jvn.jp/vu/JVNVU96883262
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf

History

Thu, 05 Sep 2024 05:45:00 +0000

Type	Values Removed	Values Added
Description	Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.	Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Subscriptions

Mitsubishi Melipc Mi5122-vw Melipc Mi5122-vw Firmware Melsec Iq-l L04 Hcpu Melsec Iq-l L04 Hcpu Firmware Melsec Iq-l L08 Hcpu Melsec Iq-l L08 Hcpu Firmware Melsec Iq-l L16 Hcpu Melsec Iq-l L16 Hcpu Firmware Melsec Iq-l L32 Hcpu Melsec Iq-l L32 Hcpu Firmware Melsec Iq-r R00 Cpu Melsec Iq-r R00 Cpu Firmware Melsec Iq-r R01 Cpu Melsec Iq-r R01 Cpu Firmware Melsec Iq-r R02 Cpu Melsec Iq-r R02 Cpu Firmware Melsec Iq-r R04 Cpu Melsec Iq-r R04 Cpu Firmware Melsec Iq-r R04 Sfcpu Melsec Iq-r R04 Sfcpu Firmware Melsec Iq-r R08 Cpu Melsec Iq-r R08 Cpu Firmware Melsec Iq-r R08 Sfcpu Melsec Iq-r R08 Sfcpu Firmware Melsec Iq-r R120 Cpu Melsec Iq-r R120 Cpu Firmware Melsec Iq-r R120 Sfcpu Melsec Iq-r R120 Sfcpu Firmware Melsec Iq-r R12 Ccpu-v Melsec Iq-r R12 Ccpu-v Firmware Melsec Iq-r R16 Cpu Melsec Iq-r R16 Cpu Firmware Melsec Iq-r R16 Sfcpu Melsec Iq-r R16 Sfcpu Firmware Melsec Iq-r R32 Cpu Melsec Iq-r R32 Cpu Firmware Melsec Iq-r R32 Sfcpu Melsec Iq-r R32 Sfcpu Firmware

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2022-12-23T02:24:15.274Z

Updated: 2024-09-05T05:25:44.061Z

Reserved: 2022-06-14T17:50:53.644Z

Link: CVE-2022-33324

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-23T03:15:08.723

Modified: 2024-11-21T07:08:11.880

Link: CVE-2022-33324

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-404

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-33324", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2022-06-14T17:50:53.644Z", "datePublished": "2022-12-23T02:24:15.274Z", "dateUpdated": "2024-09-05T05:25:44.061Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R00CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"32\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R01CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"32\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R02CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"32\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R04CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R04ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120ENCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"65\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"29\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"29\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"29\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120SFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"29\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R12CCPU-V", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"17\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-L Series L04HCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"05\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-L Series L08HCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"05\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-L Series L16HCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"05\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-L Series L32HCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"05\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELIPC Series MI5122-VW", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"07\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R08PSFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"08\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R16PSFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"08\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R32PSFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"08\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC iQ-R Series R120PSFCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "Firmware versions \"08\" and prior"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions \"08\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions \"05\" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery."}], "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions \"08\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions \"05\" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-09-05T05:25:44.061Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU96883262"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:21.336Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU96883262", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFC979CD-10C3-400C-A7EA-9E9B3637E1D7", "versionEndExcluding": "33.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC6B7E9C-C56C-4452-9A8A-3E8BF51ED354", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E13BF4F-3D5A-4FAD-BCD8-7261920AE06F", "versionEndExcluding": "33.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "560D6AFE-4CDC-40D0-8C35-6749375B9B3C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "60BEF351-E337-4302-8D82-E90B2834370F", "versionEndExcluding": "33.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4D5746A-B9BC-4A4C-AF09-D2B16D54BF4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B733AD2-E857-47F4-89D5-A8F8B45F4A52", "versionEndExcluding": "66.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA6B52DA-0EF4-46BF-A36D-92F717F70987", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94D88549-B35E-4E27-84D1-3A828604BAED", "versionEndExcluding": "66.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF4496AD-1EFC-4B1D-8122-799FA34B40CB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64A9C5A6-401D-4E28-A0DB-0BCD84B4E62B", "versionEndExcluding": "66.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA42D2F8-7856-4983-8FA9-0421E039AE8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F397671-FF15-45B0-8CEE-BC807B402019", "versionEndExcluding": "66.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D73C1A-3B81-4E81-A56D-0A75CEA4F92C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F2250E2-BDB4-4D12-BE4A-9BFBE83736D6", "versionEndExcluding": "66.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EB4326B-B4F4-40DD-8220-204D490FFB38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r04_sfcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "608399AA-EC27-4AB2-B78A-1EF604CE9B9C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r04_sfcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "A654F03D-CBAC-45FB-8E5D-248E170C0AAE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "31AC9FB9-1E38-4F72-8C5F-C92D47A859CD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "781540CA-FCA3-4AA6-8A10-8534C31B34DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2670099B-E05E-4918-B509-8D501CB60DD5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "34AA698B-A83A-4844-8E6C-7A674FEACC95", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D581B2C-94BC-4BBD-B4D2-EC5D4A6503D7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F98C064-A2E6-435C-8EB8-02E51B66ABA4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35C64BD2-E3E1-42BE-A05F-4AB4EA067BF2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "293AD605-CF64-4136-820D-CCA74979534C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD61A664-AB0A-404D-894D-B8923F00F0F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "05A9F81B-DA09-483C-899C-05714192031E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36A44C7C-6ABE-42B3-AAE9-D946FA0F35AC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melipc_mi5122-vw:-:*:*:*:*:*:*:*", "matchCriteriaId": "C853C13A-91EB-473A-A170-41CD2FF71D67", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-l_l04_hcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F615AE5-A216-4EED-813A-F530AD7BE225", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-l_l04_hcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "41167484-1F65-44C1-AB44-FCAAC7CC0D13", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-l_l08_hcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAA81031-EA3F-435A-B65C-8110061DA134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-l_l08_hcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCE70487-E8F3-48D7-A4B7-FD85CFACDE81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-l_l16_hcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAA0255C-5233-485C-A997-606094D90486", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-l_l16_hcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C91C52A-6ECB-498C-9DB9-563B6E6C6D70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishi:melsec_iq-l_l32_hcpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B58655-D030-4ED1-B412-56F025B069D1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishi:melsec_iq-l_l32_hcpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFCB3495-4859-4935-AB75-549A67E61D43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions \"08\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions \"05\" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery."}, {"lang": "es", "value": "Vulnerabilidad de liberaci\u00f3n o cierre incorrecto de recursos en Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versiones \"32\" y anteriores, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware Versiones \"65\" y anteriores, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Versiones de firmware \"29\" y anteriores, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V todas las versiones, Mitsubishi Electric Corporation MELSEC iQ- Serie L L04/08/16/32HCPU todas las versiones y Mitsubishi Electric Corporation MELIPC Serie MI5122-VW todas las versiones permiten a un atacante remoto no autenticado provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en la comunicaci\u00f3n Ethernet en el m\u00f3dulo mediante el env\u00edo de paquetes especialmente manipulados. Se requiere un reinicio del sistema del m\u00f3dulo para la recuperaci\u00f3n."}], "id": "CVE-2022-33324", "lastModified": "2024-11-21T07:08:11.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-23T03:15:08.723", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU96883262"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU96883262"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}]}