CVE-2022-33324

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-33324
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU96883262 Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03 Patch Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_sfcpu:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melipc_mi5122-vw:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l04_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l04_hcpu:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l08_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l08_hcpu:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l16_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l16_hcpu:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l32_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l32_hcpu:-:*:*:*:*:*:*:*
History

13 Dec 2023, 05:15

Type Values Removed Values Added
Summary (en) Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery. (en) Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

14 Jul 2023, 03:15

Type Values Removed Values Added
Summary Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery. Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

04 Jan 2023, 21:21

Type Values Removed Values Added
First Time Mitsubishi melsec Iq-r R16 Cpu
Mitsubishi
Mitsubishi melsec Iq-r R120 Cpu
Mitsubishi melsec Iq-r R08 Sfcpu Firmware
Mitsubishi melsec Iq-r R120 Sfcpu
Mitsubishi melsec Iq-l L16 Hcpu
Mitsubishi melsec Iq-l L16 Hcpu Firmware
Mitsubishi melsec Iq-r R04 Sfcpu Firmware
Mitsubishi melsec Iq-r R04 Sfcpu
Mitsubishi melsec Iq-l L04 Hcpu Firmware
Mitsubishi melsec Iq-l L04 Hcpu
Mitsubishi melsec Iq-l L32 Hcpu Firmware
Mitsubishi melsec Iq-r R16 Cpu Firmware
Mitsubishi melsec Iq-r R16 Sfcpu Firmware
Mitsubishi melsec Iq-l L08 Hcpu
Mitsubishi melsec Iq-r R32 Cpu
Mitsubishi melsec Iq-r R32 Sfcpu Firmware
Mitsubishi melsec Iq-r R08 Cpu
Mitsubishi melsec Iq-r R00 Cpu Firmware
Mitsubishi melsec Iq-r R08 Sfcpu
Mitsubishi melsec Iq-r R32 Cpu Firmware
Mitsubishi melipc Mi5122-vw Firmware
Mitsubishi melipc Mi5122-vw
Mitsubishi melsec Iq-r R08 Cpu Firmware
Mitsubishi melsec Iq-l L32 Hcpu
Mitsubishi melsec Iq-r R120 Sfcpu Firmware
Mitsubishi melsec Iq-r R01 Cpu
Mitsubishi melsec Iq-r R16 Sfcpu
Mitsubishi melsec Iq-l L08 Hcpu Firmware
Mitsubishi melsec Iq-r R12 Ccpu-v
Mitsubishi melsec Iq-r R12 Ccpu-v Firmware
Mitsubishi melsec Iq-r R02 Cpu
Mitsubishi melsec Iq-r R01 Cpu Firmware
Mitsubishi melsec Iq-r R00 Cpu
Mitsubishi melsec Iq-r R04 Cpu Firmware
Mitsubishi melsec Iq-r R120 Cpu Firmware
Mitsubishi melsec Iq-r R02 Cpu Firmware
Mitsubishi melsec Iq-r R04 Cpu
Mitsubishi melsec Iq-r R32 Sfcpu
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-404
References (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf - (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf - Vendor Advisory
References (MISC) https://jvn.jp/vu/JVNVU96883262 - (MISC) https://jvn.jp/vu/JVNVU96883262 - Third Party Advisory
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03 - Patch, Third Party Advisory, US Government Resource
CPE cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-l_l32_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l16_hcpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melipc_mi5122-vw:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-l_l16_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l08_hcpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l04_hcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-l_l04_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-l_l32_hcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-l_l08_hcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*

23 Dec 2022, 03:31

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-23 03:15

Updated : 2023-12-13 05:15

NVD link : CVE-2022-33324

Mitre link : CVE-2022-33324

CVE.ORG link : CVE-2022-33324

JSON object : View

Products Affected

mitsubishi

  • melsec_iq-l_l08_hcpu_firmware
  • melsec_iq-r_r02_cpu_firmware
  • melsec_iq-r_r12_ccpu-v
  • melsec_iq-r_r08_cpu
  • melsec_iq-r_r32_sfcpu
  • melsec_iq-r_r16_sfcpu_firmware
  • melipc_mi5122-vw
  • melsec_iq-r_r04_sfcpu
  • melsec_iq-r_r01_cpu_firmware
  • melsec_iq-r_r00_cpu
  • melsec_iq-r_r04_cpu
  • melsec_iq-r_r01_cpu
  • melsec_iq-r_r16_cpu_firmware
  • melsec_iq-l_l32_hcpu
  • melsec_iq-r_r02_cpu
  • melsec_iq-r_r120_sfcpu
  • melsec_iq-r_r32_cpu
  • melsec_iq-r_r16_sfcpu
  • melipc_mi5122-vw_firmware
  • melsec_iq-l_l16_hcpu_firmware
  • melsec_iq-l_l32_hcpu_firmware
  • melsec_iq-r_r32_cpu_firmware
  • melsec_iq-r_r04_cpu_firmware
  • melsec_iq-r_r16_cpu
  • melsec_iq-l_l04_hcpu_firmware
  • melsec_iq-r_r32_sfcpu_firmware
  • melsec_iq-l_l04_hcpu
  • melsec_iq-l_l08_hcpu
  • melsec_iq-r_r120_cpu_firmware
  • melsec_iq-r_r08_sfcpu_firmware
  • melsec_iq-r_r120_cpu
  • melsec_iq-r_r12_ccpu-v_firmware
  • melsec_iq-r_r00_cpu_firmware
  • melsec_iq-r_r08_sfcpu
  • melsec_iq-l_l16_hcpu
  • melsec_iq-r_r120_sfcpu_firmware
  • melsec_iq-r_r08_cpu_firmware
  • melsec_iq-r_r04_sfcpu_firmware
CWE
CWE-404

Improper Resource Shutdown or Release