PT-2022-25310 · Mitsubishi · Melsec Iq-R Series Rj71En71+1
Published
2022-11-30
·
Updated
2022-12-06
·
CVE-2022-40265
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware versions prior to 65
Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware versions prior to 65
Description
The issue is related to improper input validation, allowing a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.
Recommendations
For Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware versions prior to 65, update to a version later than 65 to resolve the issue.
For Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware versions prior to 65, update to a version later than 65 to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Melsec Iq-R Series R04/08/16/32/120(En)Cpu
Melsec Iq-R Series Rj71En71