← Back

CVE-2022-25163

nvd nist
Published: Jun 2, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.

Affected (3)

Mitsubishi
3 products
Melsec Iq R Rd81mes96n Firmware
Melsec Qj71e71 100 Firmware
Melsec Lj71e71 100 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Melsec Iq R Rd81mes96n Firmware
Before 09
Running on/withPlatform Versions
Mitsubishi
Melsec Iq R Rd81mes96n
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Melsec Qj71e71 100 Firmware
Before 24062
Running on/withPlatform Versions
Mistubishi
Melsec Qj71e71 100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Melsec Lj71e71 100 Firmware
Before 24062
Running on/withPlatform Versions
Mitsubishi
Melsec Lj71e71 100
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.