1. Home
  2. CVE Database
  3. CVE-2022-25161
HIGH · 8.6

CVE-2022-25161

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsub...

Vulnerability Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Es Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Es-
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Ds Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Ds-
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Ess Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Ess-
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Dss Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mt\/Dss-
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Es Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Es-
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Ds Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Ds-
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Ess Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Ess-
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Dss Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-32Mr\/Dss-
MitsubishielectricMelsec Iq-Fx5U-64Mt\/Es Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-64Mt\/Es-
MitsubishielectricMelsec Iq-Fx5U-64Mt\/Ds Firmware< 1.270
MitsubishielectricMelsec Iq-Fx5U-64Mt\/Ds-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2022-25161?

CVE-2022-25161 is a vulnerability with a CVSS score of 8.6 (HIGH). Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsub...

How severe is CVE-2022-25161?

CVE-2022-25161 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-25161?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Es Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Es, Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Ds Firmware, Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Ds, Mitsubishielectric Melsec Iq-Fx5U-32Mt\/Ess Firmware.