PT-2021-7079 · Mitsubishi · Melsec Iq-F Series Fx5Uc-32Mr/Ds-Ts+2

Anton Dorfman

·

Published

2021-12-15

·

Updated

2022-06-06

·

CVE-2022-25162

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z with serial number 179**** and prior versions prior to 1.073 Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z with serial number 179**** and prior versions prior to 1.073 Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z versions prior to 1.030 Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A versions prior to 1.031 Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z version 1.000
Description The issue is related to improper input validation, allowing a remote unauthenticated attacker to cause a temporary denial of service condition for the product's communication by sending specially crafted packets. This can be exploited by sending a specially formed file, enabling an attacker to disrupt the service.
Recommendations For Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z versions prior to 1.270, update to version 1.270 or later. For Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z with serial number 179**** and prior versions prior to 1.073, update to version 1.073 or later. For Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z versions prior to 1.270, update to version 1.270 or later. For Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z with serial number 179**** and prior versions prior to 1.073, update to version 1.073 or later. For Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, update to version 1.270 or later. For Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, update to version 1.270 or later. For Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, update to version 1.270 or later. For Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z versions prior to 1.030, update to version 1.030 or later. For Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A versions prior to 1.031, update to version 1.031 or later. For Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z version 1.000, update to a version later than 1.000.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-03241
CVE-2022-25162

Affected Products

Melsec Iq-F Series Fx5S-Xmy/Z
Melsec Iq-F Series Fx5Uc-32Mr/Ds-Ts
Melsec Iq-F Series Fx5Uj-Xmy/Es-A