CVE-2022-33324 Information

Description

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \32\ and prior Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \65\ and prior Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU all versions Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf https://jvn.jp/vu/JVNVU96883262