Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series Improper Resource Shutdown or Release (CVE-2022-33324)

high Tenable OT Security Plugin ID 500897

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 65 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions 29 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions 08 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions 17 and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions 05 and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions 07 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric fixed the following products (and plans future fixes for affected products):

- MELSEC iQ-R Series R00/01/02CPU: Update to firmware versions "33" or later
- MELSEC iQ-R Series R04/08/16/32/120(EN)CPU: Update to firmware versions "66" or later

- MELSEC iQ-R Series R08/16/32/120SFCPU: Update to firmware versions "30" or later

Mitsubishi Electric recommends users take mitigation measures to minimize the risk of exploiting this vulnerability:

- Use a firewall, virtual private network (VPN), or other means to prevent unauthorized access when internet access is required.
- Use the product inside a local area network (LAN) and use firewalls to block access from untrusted networks and hosts.
- Use an IP filter function to block access from untrusted hosts. For details on the remote password function and IP filter function, users can refer to the following manual for each product:
- MELSEC iQ-R Ethernet User’s Manual (Application) 1.13 Security "IP filter."
- MELSEC iQ-L CPU module User’s Manual (Application) 24.1 "IP filter Function."
- MELSEC iQ-R C Controller Module User's Manual (Application) 6.6 Security Function "IP filter."
- MELIPC MI5000 Series User's Manual (Application) "11.3 IP Filter Function."

For specific update instructions and additional details, see the Mitsubishi Electric advisory.

See Also

https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03

http://www.nessus.org/u?88cf0962

https://jvn.jp/vu/JVNVU96883262

Plugin Details

Severity: High

ID: 500897

Version: 1.19

Type: remote

Family: Tenable.ot

Published: 3/23/2023

Updated: 9/6/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-33324

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishi:melsec_iq-r_r00_cpu_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 12/23/2022

Vulnerability Publication Date: 12/23/2022

Reference Information

CVE: CVE-2022-33324

CWE: 404

ICSA: 22-356-03