MidnightBSD

Advisories for mitsubishi

CVE-2021-20589 MEDIUM

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mitsubishi gt27_firmware *
mitsubishi gt21_firmware *
mitsubishi gt_softgot2000_firmware *
mitsubishi gt25_firmware *
mitsubishi gt23_firmware *
mitsubishi gs21_firmware *
CVE-2021-20593 MEDIUM

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
mitsubishi te-200a_firmware *
mitsubishi ae-200e_firmware *
mitsubishi gb-50ada-j_firmware *
mitsubishi ae-50e_firmware *
mitsubishi te-50a_firmware *
mitsubishi ag-150a-a_firmware *
mitsubishi ew-50e_firmware *
mitsubishi ew-50a_firmware *
mitsubishi gb-50a_firmware *
mitsubishi ae-200a_firmware *
mitsubishi tw-50a_firmware *
mitsubishi ae-50a_firmware *
mitsubishi eb-50gu-a_firmware *
mitsubishi eb-50gu-j_firmware *
mitsubishi cms-rmd-j_firmware *
mitsubishi g-50a_firmware *
mitsubishi pac-yg50eca_firmware *
mitsubishi ag-150a-j_firmware *
mitsubishi gb-50ada-a_firmware *
CVE-2021-20595 HIGH

Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
mitsubishi te-200a_firmware *
mitsubishi ae-200e_firmware *
mitsubishi gb-50ada-j_firmware *
mitsubishi ae-50e_firmware *
mitsubishi te-50a_firmware *
mitsubishi ag-150a-a_firmware *
mitsubishi ew-50e_firmware *
mitsubishi ew-50a_firmware *
mitsubishi gb-50a_firmware *
mitsubishi ae-200a_firmware *
mitsubishi tw-50a_firmware *
mitsubishi ae-50a_firmware *
mitsubishi eb-50gu-a_firmware *
mitsubishi eb-50gu-j_firmware *
mitsubishi cms-rmd-j_firmware *
mitsubishi g-50a_firmware *
mitsubishi pac-yg50eca_firmware *
mitsubishi ag-150a-j_firmware *
mitsubishi gb-50ada-a_firmware *
CVE-2021-20609 HIGH

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
mitsubishi melsec_q170mscpu(-s1)_firmware *
mitsubishi melsec_q20udecpu_firmware *
mitsubishi melsec_iq-r_r12_ccpu-v_firmware *
mitsubishi melsec_q26udpvcpu_firmware -
mitsubishi melsec_iq-r_r04_pcpu_firmware *
mitsubishi melsec_l26cpu-(p)bt_firmware *
mitsubishi melsec_iq-r_r32_sfcpu_firmware *
mitsubishi melsec_l02cpu(-p)_firmware *
mitsubishi melsec_q172dcpu-s1_firmware *
mitsubishi melsec_iq-r_r08_cpu_firmware *
mitsubishi melsec_iq-r_r16_sfcpu_firmware *
mitsubishi melsec_iq-r_r32_mtcpu_firmware *
mitsubishi melsec_iq-r_r01_cpu_firmware *
mitsubishi melsec_q04udpvcpu_firmware -
mitsubishi melsec_q04udecpu_firmware *
mitsubishi melsec_q26dhccpu-ls_firmware -
mitsubishi melsec_q03udvcpu_firmware -
mitsubishi melsec_q173dscpu_firmware -
mitsubishi melsec_iq-r_r120_pcpu_firmware *
mitsubishi melsec_iq-r_r08_sfcpu_firmware *
mitsubishi melsec_q04udvcpu_firmware -
mitsubishi melsec_iq-r_r120_cpu_firmware *
mitsubishi melsec_q172dscpu_firmware *
mitsubishi melsec_iq-r_r04_cpu_firmware *
mitsubishi melsec_q06udvcpu_firmware -
mitsubishi melsec_iq-r_r02_cpu_firmware *
mitsubishi melsec_l26cpu(-p)_firmware *
mitsubishi melsec_q24dhccpu-ls_firmware *
mitsubishi melsec_q100udecpu_firmware *
mitsubishi melsec_iq-r_r00_cpu_firmware *
mitsubishi melsec_q13udpvcpu_firmware -
mitsubishi melsec_mr-mq100_firmware *
mitsubishi melsec_iq-r_r16_mtcpu_firmware *
mitsubishi melsec_q03udecpu_firmware *
mitsubishi melsec_iq-r_r32_pcpu_firmware *
mitsubishi melsec_q173dcpu-s1_firmware *
mitsubishi melsec_iq-r_r08_pcpu_firmware *
mitsubishi melsec_q50udecpu_firmware *
mitsubishi melsec_q06udpvcpu_firmware -
mitsubishi melsec_q13udecpu_firmware *
mitsubishi melsec_q26udecpu_firmware *
mitsubishi melsec_q170mcpu_firmware *
mitsubishi melsec_q06udecpu_firmware *
mitsubishi melipc_mi5122-vw_firmware *
mitsubishi melsec_q10udecpu_firmware *
mitsubishi melsec_iq-r_r120_sfcpu_firmware *
mitsubishi melsec_iq-r_r16_cpu_firmware *
mitsubishi melsec_iq-r_r64_mtcpu_firmware *
mitsubishi melsec_iq-r_r16_pcpu_firmware *
mitsubishi melsec_iq-r_r32_cpu_firmware *
mitsubishi melsec_q13udvcpu_firmware -
mitsubishi melsec_l06cpu(-p)_firmware *
mitsubishi melsec_q26udvcpu_firmware -
mitsubishi melsec_q12dccpu-v_firmware *
mitsubishi melsec_q24dhccpu-v(g)_firmware *
CVE-2021-20610 HIGH

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-130,NVD-CWE-Other,

Products Affected

Vendor Product Version
mitsubishi melsec_q170mscpu(-s1)_firmware *
mitsubishi melsec_q20udecpu_firmware *
mitsubishi melsec_iq-r_r12_ccpu-v_firmware *
mitsubishi melsec_q26udpvcpu_firmware -
mitsubishi melsec_iq-r_r04_pcpu_firmware *
mitsubishi melsec_l26cpu-(p)bt_firmware *
mitsubishi melsec_iq-r_r32_sfcpu_firmware *
mitsubishi melsec_l02cpu(-p)_firmware *
mitsubishi melsec_q172dcpu-s1_firmware *
mitsubishi melsec_iq-r_r08_cpu_firmware *
mitsubishi melsec_iq-r_r16_sfcpu_firmware *
mitsubishi melsec_iq-r_r32_mtcpu_firmware *
mitsubishi melsec_iq-r_r01_cpu_firmware *
mitsubishi melsec_q04udpvcpu_firmware -
mitsubishi melsec_q04udecpu_firmware *
mitsubishi melsec_q26dhccpu-ls_firmware -
mitsubishi melsec_q03udvcpu_firmware -
mitsubishi melsec_q173dscpu_firmware -
mitsubishi melsec_iq-r_r120_pcpu_firmware *
mitsubishi melsec_iq-r_r08_sfcpu_firmware *
mitsubishi melsec_q04udvcpu_firmware -
mitsubishi melsec_iq-r_r120_cpu_firmware *
mitsubishi melsec_q172dscpu_firmware *
mitsubishi melsec_iq-r_r04_cpu_firmware *
mitsubishi melsec_q06udvcpu_firmware -
mitsubishi melsec_iq-r_r02_cpu_firmware *
mitsubishi melsec_l26cpu(-p)_firmware *
mitsubishi melsec_q24dhccpu-ls_firmware *
mitsubishi melsec_q100udecpu_firmware *
mitsubishi melsec_iq-r_r00_cpu_firmware *
mitsubishi melsec_q13udpvcpu_firmware -
mitsubishi melsec_mr-mq100_firmware *
mitsubishi melsec_iq-r_r16_mtcpu_firmware *
mitsubishi melsec_q03udecpu_firmware *
mitsubishi melsec_iq-r_r32_pcpu_firmware *
mitsubishi melsec_q173dcpu-s1_firmware *
mitsubishi melsec_iq-r_r08_pcpu_firmware *
mitsubishi melsec_q50udecpu_firmware *
mitsubishi melsec_q06udpvcpu_firmware -
mitsubishi melsec_q13udecpu_firmware *
mitsubishi melsec_q26udecpu_firmware *
mitsubishi melsec_q170mcpu_firmware *
mitsubishi melsec_q06udecpu_firmware *
mitsubishi melipc_mi5122-vw_firmware *
mitsubishi melsec_q10udecpu_firmware *
mitsubishi melsec_iq-r_r120_sfcpu_firmware *
mitsubishi melsec_iq-r_r16_cpu_firmware *
mitsubishi melsec_iq-r_r64_mtcpu_firmware *
mitsubishi melsec_iq-r_r16_pcpu_firmware *
mitsubishi melsec_iq-r_r32_cpu_firmware *
mitsubishi melsec_q13udvcpu_firmware -
mitsubishi melsec_l06cpu(-p)_firmware *
mitsubishi melsec_q26udvcpu_firmware -
mitsubishi melsec_q12dccpu-v_firmware *
mitsubishi melsec_q24dhccpu-v(g)_firmware *
CVE-2021-20611 HIGH

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
mitsubishi melsec_q170mscpu(-s1)_firmware *
mitsubishi melsec_q20udecpu_firmware *
mitsubishi melsec_iq-r_r12_ccpu-v_firmware *
mitsubishi melsec_q26udpvcpu_firmware -
mitsubishi melsec_iq-r_r04_pcpu_firmware *
mitsubishi melsec_l26cpu-(p)bt_firmware *
mitsubishi melsec_iq-r_r32_sfcpu_firmware *
mitsubishi melsec_l02cpu(-p)_firmware *
mitsubishi melsec_q172dcpu-s1_firmware *
mitsubishi melsec_iq-r_r08_cpu_firmware *
mitsubishi melsec_iq-r_r16_sfcpu_firmware *
mitsubishi melsec_iq-r_r32_mtcpu_firmware *
mitsubishi melsec_iq-r_r01_cpu_firmware *
mitsubishi melsec_q04udpvcpu_firmware -
mitsubishi melsec_q04udecpu_firmware *
mitsubishi melsec_q26dhccpu-ls_firmware -
mitsubishi melsec_q03udvcpu_firmware -
mitsubishi melsec_q173dscpu_firmware -
mitsubishi melsec_iq-r_r120_pcpu_firmware *
mitsubishi melsec_iq-r_r08_sfcpu_firmware *
mitsubishi melsec_q04udvcpu_firmware -
mitsubishi melsec_iq-r_r120_cpu_firmware *
mitsubishi melsec_q172dscpu_firmware *
mitsubishi melsec_iq-r_r04_cpu_firmware *
mitsubishi melsec_q06udvcpu_firmware -
mitsubishi melsec_iq-r_r02_cpu_firmware *
mitsubishi melsec_l26cpu(-p)_firmware *
mitsubishi melsec_q24dhccpu-ls_firmware *
mitsubishi melsec_q100udecpu_firmware *
mitsubishi melsec_iq-r_r00_cpu_firmware *
mitsubishi melsec_q13udpvcpu_firmware -
mitsubishi melsec_mr-mq100_firmware *
mitsubishi melsec_iq-r_r16_mtcpu_firmware *
mitsubishi melsec_q03udecpu_firmware *
mitsubishi melsec_iq-r_r32_pcpu_firmware *
mitsubishi melsec_q173dcpu-s1_firmware *
mitsubishi melsec_iq-r_r08_pcpu_firmware *
mitsubishi melsec_q50udecpu_firmware *
mitsubishi melsec_q06udpvcpu_firmware -
mitsubishi melsec_q13udecpu_firmware *
mitsubishi melsec_q26udecpu_firmware *
mitsubishi melsec_q170mcpu_firmware *
mitsubishi melsec_q06udecpu_firmware *
mitsubishi melipc_mi5122-vw_firmware *
mitsubishi melsec_q10udecpu_firmware *
mitsubishi melsec_iq-r_r120_sfcpu_firmware *
mitsubishi melsec_iq-r_r16_cpu_firmware *
mitsubishi melsec_iq-r_r64_mtcpu_firmware *
mitsubishi melsec_iq-r_r16_pcpu_firmware *
mitsubishi melsec_iq-r_r32_cpu_firmware *
mitsubishi melsec_q13udvcpu_firmware -
mitsubishi melsec_l06cpu(-p)_firmware *
mitsubishi melsec_q26udvcpu_firmware -
mitsubishi melsec_q12dccpu-v_firmware *
mitsubishi melsec_q24dhccpu-v(g)_firmware *
CVE-2022-24296 MEDIUM

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
mitsubishi g-150ad_firmware *
mitsubishi te-200a_firmware *
mitsubishi ae-200e_firmware *
mitsubishi gb-50ada-j_firmware *
mitsubishi ae-50e_firmware *
mitsubishi te-50a_firmware *
mitsubishi ag-150a-a_firmware *
mitsubishi ew-50e_firmware *
mitsubishi ew-50a_firmware *
mitsubishi ew-50j_firmware *
mitsubishi gb-50a_firmware *
mitsubishi ae-200a_firmware *
mitsubishi tw-50a_firmware *
mitsubishi ae-50a_firmware *
mitsubishi ae-50j_firmware *
mitsubishi ae-200j_firmware *
mitsubishi eb-50gu-a_firmware *
mitsubishi eb-50gu-j_firmware *
mitsubishi ag-150a-j_firmware *
mitsubishi gb-50ada-a_firmware *
CVE-2022-25163 HIGH

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
mitsubishi melsec_iq-r_rd81mes96n_firmware *
mitsubishi melsec_lj71e71-100_firmware *
mitsubishi melsec_qj71e71-100_firmware *
CVE-2022-33324

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Products Affected

Vendor Product Version
mitsubishi melipc_mi5122-vw_firmware *
mitsubishi melsec_iq-l_l32_hcpu_firmware *
mitsubishi melsec_iq-r_r12_ccpu-v_firmware *
mitsubishi melsec_iq-l_l16_hcpu_firmware *
mitsubishi melsec_iq-r_r00_cpu_firmware *
mitsubishi melsec_iq-l_l04_hcpu_firmware *
mitsubishi melsec_iq-l_l08_hcpu_firmware *
mitsubishi melsec_iq-r_r08_sfcpu_firmware *
mitsubishi melsec_iq-r_r120_sfcpu_firmware *
mitsubishi melsec_iq-r_r16_cpu_firmware *
mitsubishi melsec_iq-r_r32_sfcpu_firmware *
mitsubishi melsec_iq-r_r04_sfcpu_firmware *
mitsubishi melsec_iq-r_r120_cpu_firmware *
mitsubishi melsec_iq-r_r32_cpu_firmware *
mitsubishi melsec_iq-r_r08_cpu_firmware *
mitsubishi melsec_iq-r_r04_cpu_firmware *
mitsubishi melsec_iq-r_r16_sfcpu_firmware *
mitsubishi melsec_iq-r_r02_cpu_firmware *
mitsubishi melsec_iq-r_r01_cpu_firmware *