Mitsubishi Electric MELSEC iQ-F Series Improper Input Validation (CVE-2022-25161)

high Tenable OT Security Plugin ID 500652

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC- xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric has provided the following mitigations or workarounds:

- MELSEC iQ-F FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with Serial number 17X**** or later update to v1.270 or later
- MELSEC iQ-F FX5U-xMy/z x=32,64,80, y=T,R, z=ES, DS, ESS, DSS with serial number 179**** and prior update to v1.073 or later
- MELSEC iQ-F FX5UC-xMy/z x=32,64,96, y=T,R, z=D,DSS with serial number 17X**** or later update to v1.270 or later
- MELSEC iQ-F FX5UC-xMy/z x=32,64,96, y=T,R, z=D,DSS with Serial number 179**** and prior update to v1.073 or later
- MELSEC iQ-F FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS update to v1.270 or later
- MELSEC iQ-F FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,ESS update to v1.030 or later
- MELSEC iQ-F FX5UJ-xMy/ES-A x=24,40,60, y=T.R please contact a Mitsubishi Electric representative
- MELSEC iQ-F FX5S-xMy/z x-30,40,60,80, y=T.R, z=ES,ESS please contact a Mitsubishi Electric representative

Use a firewall or virtual private network to prevent unauthorized access when Internet access is required.

Use firewalls or an IP filter function to restrict connections to these products and prevent access from untrusted networks or hosts. For details on the IP filter function, refer to 12.1 IP Filter Function in MELSEC iQ-F FX5 User’s Manual (Ethernet Communication).

See Also

http://www.nessus.org/u?73a9e81b

https://jvn.jp/vu/JVNVU95926817/index.html

https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01

Plugin Details

Severity: High

ID: 500652

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 6/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-25161

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mt%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdss-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-40mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mr%2fess_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fds_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5s-60mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fdss_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-24mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-40mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-80mt%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fdds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mr%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uj-60mt%2fes-a_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5s-30mr%2fes_firmware:1.000, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds-ts_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds_firmware:1, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fes_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fess_firmware, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fes_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 5/18/2022

Vulnerability Publication Date: 5/18/2022

Reference Information

CVE: CVE-2022-25161

CWE: 20

ICSA: 22-139-01