cvelistv5 - CVE-2022-40265

CVE-2022-40265 (GCVE-0-2022-40265)

Vulnerability from cvelistv5 – Published: 2022-11-30 00:04 – Updated: 2025-04-24 18:45

Summary

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

Mitsubishi

References

URL

Tags

	https://www.mitsubishielectric.com/en/psirt/vulne…
	https://jvn.jp/vu/JVNVU94702422

Impacted products

Vendor

Product

Version

Mitsubishi Electric Corporation

MELSEC iQ-R Series RJ71EN71

Affected: Firmware version "65" and prior

Mitsubishi Electric Corporation

MELSEC iQ-R Series R04/08/16/32/120ENCPU

Affected: Network Part Firmware version "65" and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:40.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU94702422"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T18:44:56.498040Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T18:45:03.895Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MELSEC iQ-R Series RJ71EN71",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware version \"65\" and prior"
            }
          ]
        },
        {
          "product": "MELSEC iQ-R Series R04/08/16/32/120ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Network Part Firmware version \"65\" and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery."
            }
          ],
          "value": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-30T00:04:43.069Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
        },
        {
          "url": "https://jvn.jp/vu/JVNVU94702422"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2022-40265",
    "datePublished": "2022-11-30T00:04:43.069Z",
    "dateReserved": "2022-09-08T19:40:16.931Z",
    "dateUpdated": "2025-04-24T18:45:03.895Z",
    "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:rj71en71_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"65\", \"matchCriteriaId\": \"5DA6E8D4-26B3-44EA-94EE-D2ABD0E34D5F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:rj71en71:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BD2CE10-A6DB-4642-8FA8-DD1AFA726EC7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r04encpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"65\", \"matchCriteriaId\": \"71105F2E-5D80-484B-AE91-964EE6BB00B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5862905-F77D-4DEE-88A8-59893362936F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r08encpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"65\", \"matchCriteriaId\": \"882C402E-D0A4-46F9-B983-B86EBCB24E19\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B85DAD9-7F5B-4740-94A3-94835D82CE3C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r16encpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"65\", \"matchCriteriaId\": \"054189D9-B6C3-487F-9FA4-97E2D69C69DD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81F7DE17-AA44-4E78-B07B-3D9F641DF445\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r32encpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"65\", \"matchCriteriaId\": \"417F4AD4-8FF6-4804-A453-0BA857B68BED\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9546A301-8039-4D42-B1A2-AAF6C3C17203\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r120encpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"65\", \"matchCriteriaId\": \"AF292C53-458C-4DE7-916C-ABD395EBF32B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"411C7828-D7C7-4B42-82E3-CAC21C15951C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \\\"65\\\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \\\"65\\\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Validaci\\u00f3n de Entrada Incorrecta en Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Versi\\u00f3n de firmware \\\"65\\\" y anteriores y Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware versi\\u00f3n \\\"65\\\" y anteriores permite una un atacante remoto no autenticado provoque una condici\\u00f3n de Denegaci\\u00f3n de Servicio mediante el env\\u00edo de paquetes especialmente manipulados. Es necesario reiniciar el sistema para la recuperaci\\u00f3n.\"}]",
      "id": "CVE-2022-40265",
      "lastModified": "2024-11-21T07:21:09.477",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-11-30T01:15:09.873",
      "references": "[{\"url\": \"https://jvn.jp/vu/JVNVU94702422\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU94702422\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-40265\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2022-11-30T01:15:09.873\",\"lastModified\":\"2024-11-21T07:21:09.477\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \\\"65\\\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \\\"65\\\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Validaci\u00f3n de Entrada Incorrecta en Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Versi\u00f3n de firmware \\\"65\\\" y anteriores y Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware versi\u00f3n \\\"65\\\" y anteriores permite una un atacante remoto no autenticado provoque una condici\u00f3n de Denegaci\u00f3n de Servicio mediante el env\u00edo de paquetes especialmente manipulados. Es necesario reiniciar el sistema para la recuperaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:rj71en71_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"65\",\"matchCriteriaId\":\"5DA6E8D4-26B3-44EA-94EE-D2ABD0E34D5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:rj71en71:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD2CE10-A6DB-4642-8FA8-DD1AFA726EC7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r04encpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"65\",\"matchCriteriaId\":\"71105F2E-5D80-484B-AE91-964EE6BB00B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5862905-F77D-4DEE-88A8-59893362936F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r08encpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"65\",\"matchCriteriaId\":\"882C402E-D0A4-46F9-B983-B86EBCB24E19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B85DAD9-7F5B-4740-94A3-94835D82CE3C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r16encpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"65\",\"matchCriteriaId\":\"054189D9-B6C3-487F-9FA4-97E2D69C69DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F7DE17-AA44-4E78-B07B-3D9F641DF445\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r32encpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"65\",\"matchCriteriaId\":\"417F4AD4-8FF6-4804-A453-0BA857B68BED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9546A301-8039-4D42-B1A2-AAF6C3C17203\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r120encpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"65\",\"matchCriteriaId\":\"AF292C53-458C-4DE7-916C-ABD395EBF32B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"411C7828-D7C7-4B42-82E3-CAC21C15951C\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU94702422\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU94702422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU94702422\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:14:40.016Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-40265\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-24T18:44:56.498040Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-24T18:45:00.486Z\"}}], \"cna\": {\"title\": \"Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial of Service\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R Series RJ71EN71\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware version \\\"65\\\" and prior\"}]}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R Series R04/08/16/32/120ENCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Network Part Firmware version \\\"65\\\" and prior\"}]}], \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf\"}, {\"url\": \"https://jvn.jp/vu/JVNVU94702422\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \\\"65\\\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \\\"65\\\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \\\"65\\\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \\\"65\\\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"shortName\": \"Mitsubishi\", \"dateUpdated\": \"2022-11-30T00:04:43.069Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-40265\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-24T18:45:03.895Z\", \"dateReserved\": \"2022-09-08T19:40:16.931Z\", \"assignerOrgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"datePublished\": \"2022-11-30T00:04:43.069Z\", \"requesterUserId\": \"520cc88b-a1c8-44f6-9154-21a4d74c769f\", \"assignerShortName\": \"Mitsubishi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

VAR-202211-1878

Vulnerability from variot - Updated: 2023-12-18 12:15

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.If the product receives a specially crafted packet by a remote third party, the product will cause a denial of service. (DoS) may become a state

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1878",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "r04encpu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "65"
      },
      {
        "model": "r120encpu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "65"
      },
      {
        "model": "r16encpu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "65"
      },
      {
        "model": "r08encpu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "65"
      },
      {
        "model": "rj71en71",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "65"
      },
      {
        "model": "r32encpu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "65"
      },
      {
        "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": "melsec iq-r  series  r04/08/16/32/120encpu ( network department )  firmware    \"65\"  and earlier"
      },
      {
        "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": "melsec iq-r  series  rj71en71  firmware    \"65\"  and earlier"
      },
      {
        "model": "melsec iq-r04",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "mitsubishi electric",
        "version": "\u003c=65"
      },
      {
        "model": "melsec iq-r08",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "mitsubishi electric",
        "version": "\u003c=65"
      },
      {
        "model": "melsec iq-r16",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "mitsubishi electric",
        "version": "\u003c=65"
      },
      {
        "model": "melsec iq-r32",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "mitsubishi electric",
        "version": "\u003c=65"
      },
      {
        "model": "melsec iq-r120encpu",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "mitsubishi electric",
        "version": "\u003c=65"
      },
      {
        "model": "melsec iq-rj71en71",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "mitsubishi electric",
        "version": "\u003c=65"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rj71en71_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rj71en71:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r04encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r08encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r16encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r32encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r120encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      }
    ]
  },
  "cve": "CVE-2022-40265",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-85487",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 8.6,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002767",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-40265",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "id": "CVE-2022-40265",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-002767",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-85487",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202211-3700",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.If the product receives a specially crafted packet by a remote third party, the product will cause a denial of service. (DoS) may become a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40265"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-40265",
        "trust": 3.9
      },
      {
        "db": "JVN",
        "id": "JVNVU94702422",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-335-01",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6281",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40265",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ]
  },
  "id": "VAR-202211-1878",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      }
    ],
    "trust": 1.5166666666666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:15:11.339000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MELSEC\u00a0iQ-R\u00a0 series \u00a0Ethernet\u00a0 Denial of Service on Interface Units (DoS) Vulnerability",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-017.pdf"
      },
      {
        "title": "Patch for Mitsubishi Electric Corporation MELSEC iQ-R Series Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/365051"
      },
      {
        "title": "Mitsubishi Electric MELSEC iQ-R series Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216560"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://jvn.jp/vu/jvnvu94702422"
      },
      {
        "trust": 1.7,
        "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
      },
      {
        "trust": 0.9,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-01"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94702422/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40265"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6281"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-40265/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-40265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-40265"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "date": "2022-11-30T01:15:09.873000",
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-85487"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-40265"
      },
      {
        "date": "2022-12-16T01:17:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      },
      {
        "date": "2022-12-06T19:36:10.460000",
        "db": "NVD",
        "id": "CVE-2022-40265"
      },
      {
        "date": "2022-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Mitsubishi Electric \u00a0MELSEC\u00a0iQ-R\u00a0 series \u00a0Ethernet\u00a0 Improper Input Validation Vulnerability in Interface Unit",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002767"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3700"
      }
    ],
    "trust": 0.6
  }
}

ICSA-22-335-01

Vulnerability from csaf_cisa - Published: 2022-12-01 00:00 - Updated: 2022-12-01 00:00

Summary

Mitsubishi Electric MELSEC iQ-R Series

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to cause a denial-of-service condition on a target product by sending specially crafted packets.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Mitsubishi Electric",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to cause a denial-of-service condition on a target product by sending specially crafted packets.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-335-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-335-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-335-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-335-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-335-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "Mitsubishi Electric MELSEC iQ-R Series",
    "tracking": {
      "current_release_date": "2022-12-01T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-22-335-01",
      "initial_release_date": "2022-12-01T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-12-01T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 65 ",
                "product": {
                  "name": "MELSEC iQ-R Series - RJ71EN71: Firmware version 65 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R RJ71EN71"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 65 ",
                "product": {
                  "name": "MELSEC iQ-R Series - R04/08/16/32/120ENCPU: Network part firmware version 65 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R  R04/08/16/32/120ENCPU"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-40265",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "MELSEC iQ-R Series RJ71EN71 products with firmware versions prior to 65 and R04/08/16/32/120ENCPU products with Network firmware versions prior to 65 are vulnerable to improper input validation. A remote unauthenticated user could cause a denial-of-service condition on a target product by sending specially crafted packets. A system reset is required to recover from a denial-of-service condition.CVE-2022-40265 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40265"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric has fixed the vulnerability: RJ71EN71: Update firmware version to \u201c66\u201d or later. R04/08/16/32/120ENCPU: Update network part firmware version to \u201c66\u201d or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should refer to the following product manual for instructions to update firmware",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC iQ-R Module Configuration Manual \u201cFirmware Update Function.\u201d",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.mitsubishielectric.com/fa/download/index.html"
        },
        {
          "category": "mitigation",
          "details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use the product within a local area network (LAN)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use the IP filter function to restrict the accessible IP addresses.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Note: For using the IP filter function, users should see MELSEC iQ-R Ethernet User\u0027s Manual (Application) Security \u201cIP filter\u201d",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users can refer to the Mitsubishi Electric advisory for further details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

GHSA-VGCX-CP27-7F7H

Vulnerability from github – Published: 2022-11-30 03:30 – Updated: 2022-12-06 21:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-40265"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-30T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.",
  "id": "GHSA-vgcx-cp27-7f7h",
  "modified": "2022-12-06T21:30:46Z",
  "published": "2022-11-30T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40265"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU94702422"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-40265

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-40265

Aliases

CVE-2022-40265

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-40265",
    "id": "GSD-2022-40265"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-40265"
      ],
      "details": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.",
      "id": "GSD-2022-40265",
      "modified": "2023-12-13T01:19:30.431245Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "ID": "CVE-2022-40265",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MELSEC iQ-R Series RJ71EN71",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware version \"65\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R Series R04/08/16/32/120ENCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Network Part Firmware version \"65\" and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU94702422",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU94702422"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:rj71en71_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:rj71en71:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r04encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r08encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r16encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r32encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:r120encpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "65",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
          "ID": "CVE-2022-40265"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/vu/JVNVU94702422",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/vu/JVNVU94702422"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-12-06T19:36Z",
      "publishedDate": "2022-11-30T01:15Z"
    }
  }
}

CNVD-2022-85487

Vulnerability from cnvd - Published: 2022-12-07

Title

Mitsubishi Electric Corporation MELSEC iQ-R Series输入验证错误漏洞

Description

MELSEC iQ-R series是日本三菱电机公司（Mitsubishi Electric Corporation）研制的一款可编程逻辑控制器。 MELSEC iQ-R Series网络部件固件版本65及之前版本存在输入验证错误漏洞，未经身份验证的远程攻击者可利用漏洞发起拒绝服务攻击。

Severity

高

Patch Name

Mitsubishi Electric Corporation MELSEC iQ-R Series输入验证错误漏洞的补丁

Patch Description

MELSEC iQ-R series是日本三菱电机公司（Mitsubishi Electric Corporation）研制的一款可编程逻辑控制器。 MELSEC iQ-R Series网络部件固件版本65及之前版本存在输入验证错误漏洞，未经身份验证的远程攻击者可利用漏洞发起拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf

Reference

https://jvn.jp/vu/JVNVU94702422

Impacted products

Name
['Mitsubishi Electric Corporation MELSEC iQ-R04 <=65', 'Mitsubishi Electric Corporation MELSEC iQ-R08 <=65', 'Mitsubishi Electric Corporation MELSEC iQ-R16 <=65', 'Mitsubishi Electric Corporation MELSEC iQ-R32 <=65', 'Mitsubishi Electric Corporation MELSEC iQ-R120ENCPU <=65', 'Mitsubishi Electric Corporation MELSEC iQ-RJ71EN71 <=65']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-40265",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-40265"
    }
  },
  "description": "MELSEC iQ-R series\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\u516c\u53f8\uff08Mitsubishi Electric Corporation\uff09\u7814\u5236\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\n\nMELSEC iQ-R Series\u7f51\u7edc\u90e8\u4ef6\u56fa\u4ef6\u7248\u672c65\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-85487",
  "openTime": "2022-12-07",
  "patchDescription": "MELSEC iQ-R series\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\u516c\u53f8\uff08Mitsubishi Electric Corporation\uff09\u7814\u5236\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\r\n\r\nMELSEC iQ-R Series\u7f51\u7edc\u90e8\u4ef6\u56fa\u4ef6\u7248\u672c65\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mitsubishi Electric Corporation MELSEC iQ-R Series\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mitsubishi Electric Corporation MELSEC iQ-R04 \u003c=65",
      "Mitsubishi Electric Corporation MELSEC iQ-R08 \u003c=65",
      "Mitsubishi Electric Corporation MELSEC iQ-R16 \u003c=65",
      "Mitsubishi Electric Corporation MELSEC iQ-R32 \u003c=65",
      "Mitsubishi Electric Corporation MELSEC iQ-R120ENCPU \u003c=65",
      "Mitsubishi Electric Corporation MELSEC iQ-RJ71EN71 \u003c=65"
    ]
  },
  "referenceLink": "https://jvn.jp/vu/JVNVU94702422",
  "serverity": "\u9ad8",
  "submitTime": "2022-12-04",
  "title": "Mitsubishi Electric Corporation MELSEC iQ-R Series\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2022-40265

Vulnerability from fkie_nvd - Published: 2022-11-30 01:15 - Updated: 2024-11-21 07:21

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU94702422	Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU94702422	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	rj71en71_firmware	*
mitsubishielectric	rj71en71	-
mitsubishielectric	r04encpu_firmware	*
mitsubishielectric	r04encpu	-
mitsubishielectric	r08encpu_firmware	*
mitsubishielectric	r08encpu	-
mitsubishielectric	r16encpu_firmware	*
mitsubishielectric	r16encpu	-
mitsubishielectric	r32encpu_firmware	*
mitsubishielectric	r32encpu	-
mitsubishielectric	r120encpu_firmware	*
mitsubishielectric	r120encpu	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:rj71en71_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA6E8D4-26B3-44EA-94EE-D2ABD0E34D5F",
              "versionEndIncluding": "65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:rj71en71:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD2CE10-A6DB-4642-8FA8-DD1AFA726EC7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r04encpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71105F2E-5D80-484B-AE91-964EE6BB00B7",
              "versionEndIncluding": "65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5862905-F77D-4DEE-88A8-59893362936F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r08encpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C402E-D0A4-46F9-B983-B86EBCB24E19",
              "versionEndIncluding": "65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B85DAD9-7F5B-4740-94A3-94835D82CE3C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r16encpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "054189D9-B6C3-487F-9FA4-97E2D69C69DD",
              "versionEndIncluding": "65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F7DE17-AA44-4E78-B07B-3D9F641DF445",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r32encpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "417F4AD4-8FF6-4804-A453-0BA857B68BED",
              "versionEndIncluding": "65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9546A301-8039-4D42-B1A2-AAF6C3C17203",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r120encpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF292C53-458C-4DE7-916C-ABD395EBF32B",
              "versionEndIncluding": "65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "411C7828-D7C7-4B42-82E3-CAC21C15951C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Validaci\u00f3n de Entrada Incorrecta en Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Versi\u00f3n de firmware \"65\" y anteriores y Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware versi\u00f3n \"65\" y anteriores permite una un atacante remoto no autenticado provoque una condici\u00f3n de Denegaci\u00f3n de Servicio mediante el env\u00edo de paquetes especialmente manipulados. Es necesario reiniciar el sistema para la recuperaci\u00f3n."
    }
  ],
  "id": "CVE-2022-40265",
  "lastModified": "2024-11-21T07:21:09.477",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-30T01:15:09.873",
  "references": [
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU94702422"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU94702422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
    }
  ],
  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-40265 (GCVE-0-2022-40265)

VAR-202211-1878

ICSA-22-335-01

GHSA-VGCX-CP27-7F7H

GSD-2022-40265

CNVD-2022-85487

FKIE_CVE-2022-40265

Tags

Sightings

Nomenclature