CVE-2022-25163 — CRITICAL (9.8)

Q: How severe is CVE-2022-25163?

CVE-2022-25163 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-25163?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Melsec Iq-R Rd81Mes96N Firmware, Mitsubishi Melsec Iq-R Rd81Mes96N, Mitsubishi Melsec Qj71E71-100 Firmware, Mistubishi Melsec Qj71E71-100, Mitsubishi Melsec Lj71E71-100 Firmware.

Vulnerability Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishi	Melsec Iq-R Rd81Mes96N Firmware	< 09
Mitsubishi	Melsec Iq-R Rd81Mes96N	-
Mitsubishi	Melsec Qj71E71-100 Firmware	< 24062
Mistubishi	Melsec Qj71E71-100	-
Mitsubishi	Melsec Lj71E71-100 Firmware	< 24062
Mitsubishi	Melsec Lj71E71-100	-

Related Weaknesses (CWE)

CWE-20

References

https://jvn.jp/vu/JVNVU92561747/index.htmlThird Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdfVendor Advisory
https://jvn.jp/vu/JVNVU92561747/index.htmlThird Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdfVendor Advisory

FAQ

What is CVE-2022-25163?

CVE-2022-25163 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 dig...

How severe is CVE-2022-25163?

CVE-2022-25163 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-25163?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Melsec Iq-R Rd81Mes96N Firmware, Mitsubishi Melsec Iq-R Rd81Mes96N, Mitsubishi Melsec Qj71E71-100 Firmware, Mistubishi Melsec Qj71E71-100, Mitsubishi Melsec Lj71E71-100 Firmware.