Detections
Analytics

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series Improper Resource Shutdown or Release (CVE-2022-33324)

high Tenable OT Security Plugin ID 500897

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 65 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions 29 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions 08 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions 17 and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions 05 and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions 07 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric fixed the following products:

- MELSEC iQ-R Series R00CPU: firmware versions 33 or later
- MELSEC iQ-R Series R01CPU: firmware versions 33 or later
- MELSEC iQ-R Series R02CPU: firmware versions 33 or later
- MELSEC iQ-R Series R04(EN)CPU: firmware versions 66 or later
- MELSEC iQ-R Series R08(EN)CPU: firmware versions 66 or later
- MELSEC iQ-R Series R16(EN)CPU: firmware versions 66 or later
- MELSEC iQ-R Series R32(EN)CPU: firmware versions 66 or later
- MELSEC iQ-R Series R120(EN)CPU: firmware versions 66 or later
- MELSEC iQ-R Series R08SFCPU: firmware versions 30 or later
- MELSEC iQ-R Series R16SFCPU: firmware versions 30 or later
- MELSEC iQ-R Series R32SFCPU: firmware versions 30 or later
- MELSEC iQ-R Series R120SFCPU: firmware versions 30 or later
- MELSEC iQ-R Series R08PSFCPU: firmware versions 09 or later
- MELSEC iQ-R Series R16PSFCPU: firmware versions 09 or later
- MELSEC iQ-R Series R32PSFCPU: firmware versions 09 or later
- MELSEC iQ-R Series R120PSFCPU: firmware versions 09 or later
- MELSEC iQ-R Series R12CCPU-V: firmware versions 18 or later
- MELSEC iQ-L Series L04HCPU: firmware versions 06 or later
- MELSEC iQ-L Series L08HCPU: firmware versions 06 or later
- MELSEC iQ-L Series L16HCPU: firmware versions 06 or later
- MELSEC iQ-L Series L32HCPU: firmware versions 06 or later
- MELIPC Series MI5122-VW: firmware versions 08 or later

Mitsubishi Electric offers the following countermeasures for users:

- MELSEC iQ-R series products: Refer to "Appendix 2 Firmware Update Function" in the MELSEC iQ-R Module Configuration Manual to check if the firmware version of your product is updatable.
 - For updatable products: Download a fixed firmware update file from the Mitsubishi Electric site and update the firmware. Refer to "Appendix 2 Firmware Update Function" in the MELSEC iQ-R Module Configuration Manual for information on how to update the firmware.
 - For non-updatable products: Follow the mitigation measures below. Mitsubishi Electric has released fixed versions as shown above, but the products cannot be updated.
- MELIPC Series or MELSEC iQ-L Series products: Follow the mitigation measures below. Mitsubishi Electric has released fixed versions as shown above, but the products cannot be updated.

Mitsubishi Electric recommends users take mitigation measures to minimize the risk of exploiting this vulnerability:

- Use a firewall, virtual private network (VPN), or other means to prevent unauthorized access when internet access is required.
- Use the product inside a local area network (LAN) and use firewalls to block access from untrusted networks and hosts.
- Use an IP filter function to block access from untrusted hosts. For details on the remote password function and IP filter function, users can refer to the following manual for each product:
 - MELSEC iQ-R Ethernet User's Manual (Application) 1.13 Security "IP filter."
 - MELSEC iQ-L CPU module User's Manual (Application) 24.1 "IP filter Function."
 - MELSEC iQ-R C Controller Module User's Manual (Application) 6.6 Security Function "IP filter."
 - MELIPC MI5000 Series User's Manual (Application) "11.3 IP Filter Function."

For specific update instructions and additional details, see Mitsubishi Electric advisory 2022-018.

See Also

https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03

http://www.nessus.org/u?88cf0962

https://jvn.jp/vu/JVNVU96883262

Plugin Details

Severity: High

ID: 500897

File Name: tenable_ot_mitsubishi_CVE-2022-33324.nasl

Version: 1.20

Type: remote

Family: Tenable.ot

Published: 3/23/2023

Updated: 2/14/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-33324

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishi:melsec_iq-r_r00_cpu_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 12/23/2022

Vulnerability Publication Date: 12/23/2022

Reference Information

CVE: CVE-2022-33324

CWE: 404

ICSA: 22-356-03