Mitsubishi (CVE-2022-25161)

high Tenable.ot Plugin ID 500652

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC- xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?73a9e81b

https://jvn.jp/vu/JVNVU95926817/index.html

https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01

Plugin Details

Severity: High

ID: 500652

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 6/7/2022

Updated: 6/7/2022

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-25161

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdss-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fess_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 5/18/2022

Vulnerability Publication Date: 5/18/2022

Reference Information

CVE: CVE-2022-25161

CWE: 20