CVE-2022-25161 Information

Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=326480 y=TR z=ESDSESSDSS) with serial number 17X or later and versions prior to 1.270 Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=326480 y=TR z=ESDSESSDSS) with serial number 179 and prior and versions prior to 1.073 MELSEC iQ-F series FX5UC-xMy/z(x=326496 y=TR z=DDSS) with serial number 17X or later and versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=326496 y=TR z=DDSS) with serial number 179 and prior and versions prior to 1.073 Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=244060 y=TR z=ESESS) versions prior to 1.030 Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=244060 y=TR) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30406080 y=TR z=ESESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product’s program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

Reference

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf https://jvn.jp/vu/JVNVU95926817/index.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01