CVE-2022-33324

CVSS V2 None CVSS V3 None
Description
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.
Overview
  • CVE ID
  • CVE-2022-33324
  • Assigner
  • Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-23T03:15:08
  • Last Modified Date
  • 2023-01-04T21:21:39
Weakness Enumerations
CWE URL
CWE-404 http://cwe.mitre.org/data/definitions/404.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 33.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 33.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 33.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 66.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 66.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 66.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 66.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:* 1 OR 66.0
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melipc_mi5122-vw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l04_hcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-l_l04_hcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l08_hcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-l_l08_hcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l16_hcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-l_l16_hcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishi:melsec_iq-l_l32_hcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishi:melsec_iq-l_l32_hcpu:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://jvn.jp/vu/JVNVU96883262
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-33324
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33324
History
Created Old Value New Value Data Type Notes
2022-12-23 03:17:34 Added to TrackCVE
2022-12-23 03:17:34 Weakness Enumeration new
2022-12-23 04:15:37 2022-12-23T03:31:02 CVE Modified Date updated
2022-12-23 04:15:37 Received Awaiting Analysis Vulnerability Status updated
2022-12-29 15:13:49 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-04 22:17:11 2023-01-04T21:21:39 CVE Modified Date updated
2023-01-04 22:17:11 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-04 22:17:12 CPE Information updated