Mitsubishi (CVE-2022-25162)

medium Tenable.ot Plugin ID 500651

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?73a9e81b

https://jvn.jp/vu/JVNVU95926817/index.html

https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01

Plugin Details

Severity: Medium

ID: 500651

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 6/7/2022

Updated: 6/7/2022

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2022-25162

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fdss_firmware, 
cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdss-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fess_firmware, 
cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fess_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 5/18/2022

Vulnerability Publication Date: 5/18/2022

Reference Information

CVE: CVE-2022-25162

CWE: 20