PRIOn Logo

CVE-2022-33324 Design/Logic Flaw

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

CWE: CWE-404
CVSS v2-
CVSS v37.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
https://jvn.jp/vu/JVNVU96883262
Affected Vendors

Mitsubishi - (19)

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Design/Logic Flaw

CVSS Scores as calculated by PRIOnengine
CVSS v27.8
AV:N/AC:L/AU:N/C:N/I:N/A:C
CVSS v37.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

T1499 - Endpoint Denial of Service
T1498 - Network Denial of Service
T1203 - Exploitation for Client Execution
T1059 - Command and Scripting Interpreter

Compliance Impact

How the submited vulnerability affects compliance

PCI DSS v3.2.1-6.5.5 - Improper Error Handling

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-