CVE-2022-33324

Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series

Description

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

References

Link	Tags
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf	vendor advisory
https://jvn.jp/vu/JVNVU96883262	third party advisory government resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03	patch government resource third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-33324?: CVE-2022-33324 has been scored as a high severity vulnerability.
How to fix CVE-2022-33324?: To fix CVE-2022-33324, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-33324 being actively exploited in the wild?: It is possible that CVE-2022-33324 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-33324?: CVE-2022-33324 affects Mitsubishi Electric Corporation MELSEC iQ-R Series R00CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R01CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R02CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R04CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R08CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R16CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R32CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R120CPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R04ENCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R08ENCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R16ENCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R32ENCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R120ENCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R08SFCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R16SFCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R32SFCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R120SFCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V, Mitsubishi Electric Corporation MELSEC iQ-L Series L04HCPU, Mitsubishi Electric Corporation MELSEC iQ-L Series L08HCPU, Mitsubishi Electric Corporation MELSEC iQ-L Series L16HCPU, Mitsubishi Electric Corporation MELSEC iQ-L Series L32HCPU, Mitsubishi Electric Corporation MELIPC Series MI5122-VW, Mitsubishi Electric Corporation MELSEC iQ-R Series R08PSFCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R16PSFCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R32PSFCPU, Mitsubishi Electric Corporation MELSEC iQ-R Series R120PSFCPU.

Description

Category

CWE-404 – Improper Resource Shutdown or Release

References

Frequently Asked Questions