Detections
Analytics

Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation (CVE-2022-40265)

high Tenable OT Security Plugin ID 500712

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.

 - Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. (CVE-2022-40265)

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric has fixed the vulnerability in the following MELSEC iQ-R Series products:

- RJ71EN71: Update firmware version to “66” or later.
- R04/08/16/32/120ENCPU: Update network part firmware version to “66” or later.

Users should refer to the following product manual for instructions to update firmware:

- MELSEC iQ-R Module Configuration Manual “Firmware Update Function.”

Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of an unauthenticated user exploiting this vulnerability:

- Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
- Use the product within a local area network (LAN)
- Block access from untrusted networks and hosts through firewalls.
- Use the IP filter function to restrict the accessible IP addresses.

Note: For using the IP filter function, users should see MELSEC iQ-R Ethernet User’s Manual (Application) Security “IP filter”

Users can refer to the Mitsubishi Electric advisory for further details.

See Also

https://jvn.jp/vu/JVNVU94702422

https://www.cisa.gov/news-events/ics-advisories/icsa-22-335-01

http://www.nessus.org/u?b586e1ff

Plugin Details

Severity: High

ID: 500712

Version: 1.9

Type: remote

Family: Tenable.ot

Published: 12/6/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-40265

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:r32encpu_firmware, cpe:/o:mitsubishielectric:r04encpu_firmware, cpe:/o:mitsubishielectric:rj71en71_firmware, cpe:/o:mitsubishielectric:r120encpu_firmware, cpe:/o:mitsubishielectric:r16encpu_firmware, cpe:/o:mitsubishielectric:r08encpu_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 11/30/2022

Vulnerability Publication Date: 11/30/2022

Reference Information

CVE: CVE-2022-40265

CWE: 20

ICSA: 22-335-01