Login
Start Free Trial
Research Center
CVE-2022-25161 Research Center

CVE-2022-25161

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

  • 8.6 critical severity

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

  • 18/05/2022

Operating Systems 97

Me

Melsec Iq-Fx5s-30mr/es Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-30mr/ess Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-30mt/es Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-30mt/ess Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-40mr/es Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-40mr/ess Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-40mt/es Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-40mt/ess Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-60mr/es Firmware

by Mitsubishielectric

1 Version

3 months ago

Me

Melsec Iq-Fx5s-60mr/ess Firmware

by Mitsubishielectric

1 Version

3 months ago

Vulnerability Categories 1

Improper Input Validation

xTags 5

#exposed_to_DOS_Attack
#easy_to_exploit
#known_vulnerability
#availability_impact_if_exploited
#new_vulnerability_published

Advisory Links 3

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf
https://jvn.jp/vu/JVNVU95926817/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By John Kilhefner
Aug 09, 2022

Analyzing the Quantum Threat

This isn’t just another “next step” of computing… The application of emerging quantum computing tech in the cybersecurity industry will result in arguably the most significant disruption the world has ever seen. Just how can a new evolution of computing do all this? Through the strange world of quantum mechanics.
By Michael Assraf
Aug 08, 2022

An Origin Story: vsociety

Welcome to vsociety – the open, independent, and user-centered community with features built specifically to make vulnerability research shareable and actionable at scale. We don't make many self-posts, but wanted to share our origins with you...
By M /
Aug 08, 2022

Exploiting Google SLO Generator with Python YAML Deserialization Attack

In this blog post, we will be detailing a new vector to exploit a vulnerable version of Google SLO Generator, a widely used Python library publicly available on Github. In other words, we will be searching for an older version that we can exploit to highlight the importance of keeping software packages up to date.
By John Kilhefner
Aug 08, 2022

Blockchain Security -- The New Threat. Part 1.

A new threat is on the horizon. And this new paradigm promises to be the most profound shift for security professionals since the dot-com boom of the nineties. I’m talking about blockchains and decentralized economies in the 2020s. To get a sense for the scope of change in front of us, we need to take a trip down memory lane – to the advent of the internet.
By Kent Weigle
Aug 05, 2022

CISAnalysis 05 August 2022

CVE-2022-27924, a vulnerability published in May 2022, has been added to CISA's Known Exploited Vulnerabilities Catalog.
last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!