CVE-2022-24946

HIGH | CVSS 7.5/10 | EPSS 1.54%

CVE-2022-24946 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. It is an Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series, MELSEC-Q Series, MELSEC-L series and MELIPC Series products (the affected models and versions are listed in the Description) that allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. EPSS estimates a 1.54% chance of exploitation in the next 30 days.

Description

Improper Resource Locking vulnerability in the following Mitsubishi Electric products:

- MELSEC iQ-R Series R12CCPU-V: firmware versions "16" and prior
- MELSEC-Q Series Q03UDECPU: the first 5 digits of serial No. "24061" and prior
- MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU: the first 5 digits of serial No. "24061" and prior
- MELSEC-Q Series Q03/04/06/13/26UDVCPU: the first 5 digits of serial number "24051" and prior
- MELSEC-Q Series Q04/06/13/26UDPVCPU: the first 5 digits of serial number "24051" and prior
- MELSEC-Q Series Q12DCCPU-V: all versions
- MELSEC-Q Series Q24DHCCPU-V(G): all versions
- MELSEC-Q Series Q24/26DHCCPU-LS: all versions
- MELSEC-L series L02/06/26CPU(-P): the first 5 digits of serial number "24051" and prior
- MELSEC-L series L26CPU-(P)BT: the first 5 digits of serial number "24051" and prior
- MELIPC Series MI5122-VW: firmware versions "05" and prior

The vulnerability allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.54%

71.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor              Product                    Versions
Mitsubishielectric  Q03udecpu Firmware         All versions
Mitsubishielectric  Q04udehcpu Firmware        All versions
Mitsubishielectric  Q04udpvcpu Firmware        All versions
Mitsubishielectric  Q04udvcpu Firmware         All versions
Mitsubishielectric  Q100udehcpu Firmware       All versions
Mitsubishielectric  Q50udehcpu Firmware        All versions
Mitsubishielectric  Q26dhccpu-Ls Firmware      All versions
Mitsubishielectric  Q26udehcpu Firmware        All versions
Mitsubishielectric  Q26udpvcpu Firmware        All versions
Mitsubishielectric  Q26udvcpu Firmware         All versions
Mitsubishielectric  Q20udehcpu Firmware        All versions
Mitsubishielectric  Q13udehcpu Firmware        All versions
Mitsubishielectric  Q13udpvcpu Firmware        All versions
Mitsubishielectric  Q13udvcpu Firmware         All versions
Mitsubishielectric  Q10udehcpu Firmware        All versions
Mitsubishielectric  Q06ccpu-V Firmware         All versions
Mitsubishielectric  Q06phcpu Firmware          All versions
Mitsubishielectric  Q06udehcpu Firmware        All versions
Mitsubishielectric  Q06udpvcpu Firmware        All versions
Mitsubishielectric  Q06udvcpu Firmware         All versions
Mitsubishielectric  L02cpu Firmware            All versions
Mitsubishielectric  L02cpu-P Firmware          All versions
Mitsubishielectric  L02scpu Firmware           All versions
Mitsubishielectric  L02scpu-P Firmware         All versions
Mitsubishielectric  L06cpu Firmware            All versions
Mitsubishielectric  L06cpu-P Firmware          All versions
Mitsubishielectric  L26cpu Firmware            All versions
Mitsubishielectric  L26cpu-(P)Bt Firmware      All versions
Mitsubishielectric  L26cpu-Bt Firmware         All versions
Mitsubishielectric  L26cpu-Bt-Cm Firmware      All versions
Mitsubishielectric  L26cpu-P Firmware          All versions
Mitsubishielectric  L26cpu-Pbt Firmware        All versions

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-24946?
CVE-2022-24946 is an Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series, MELSEC-Q Series, MELSEC-L series and MELIPC Series products that allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery. The affected models, firmware versions and serial-number ranges are listed in the Description.
How severe is CVE-2022-24946?
CVE-2022-24946 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.54% probability of exploitation in the next 30 days.
How do I fix CVE-2022-24946?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST