PT-2022-3876 · Mitsubishi · Melsec Iq-R Series Rd81Mes96N+2
Published
2022-06-02
·
Updated
2022-06-17
·
CVE-2022-25163
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric MELSEC-Q Series QJ71E71-100 versions with first 5 digits of serial number 24061 or prior
Mitsubishi Electric MELSEC-L Series LJ71E71-100 versions with first 5 digits of serial number 24061 or prior
Mitsubishi Electric MELSEC iQ-R Series RD81MES96N versions with firmware version 08 or prior
Description
The issue is caused by improper input validation, allowing a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.
Recommendations
For Mitsubishi Electric MELSEC-Q Series QJ71E71-100 with first 5 digits of serial number 24061 or prior, update to a version with a serial number later than 24061.
For Mitsubishi Electric MELSEC-L Series LJ71E71-100 with first 5 digits of serial number 24061 or prior, update to a version with a serial number later than 24061.
For Mitsubishi Electric MELSEC iQ-R Series RD81MES96N with firmware version 08 or prior, update to a firmware version later than 08.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Melsec Iq-R Series Rd81Mes96N
Melsec L Series Lj71E71-100
Melsec Q Series Qj71E71-100