CVE-2022-25161

Name: CVE-2022-25161
Creator: NVD / NIST
Published: 2022-05-18T17:15:08.687+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10EPSS 3.68%

Last modified Jun 17, 2026

CVE-2022-25161 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.. EPSS estimates a 3.68% chance of exploitation in the next 30 days.

Description

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Probability

3.68%

88.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Es Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Ds Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Ess Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-32mt\/Dss Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Es Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Ds Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Ess Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-32mr\/Dss Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Es Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Ds Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Ess Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mt\/Dss Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Es Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Ds Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Ess Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-64mr\/Dss Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Es Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Ds Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Ess Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mt\/Dss Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Es Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Ds Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Ess Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5u-80mr\/Dss Firmware	< 1.270
Mitsubhishielectric	Melsec Iq-Fx5u-32mt\/Es Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-32mt\/Ds Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-32mt\/Ess Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-32mt\/Dss Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-32mr\/Es Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-32mr\/Ds Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-32mr\/Ess Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-32mr\/Dss Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mt\/Es Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mt\/Ds Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mt\/Ess Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mt\/Dss Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mr\/Es Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mr\/Ds Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mr\/Ess Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-64mr\/Dss Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mt\/Es Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mt\/Ds Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mt\/Ess Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mt\/Dss Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mr\/Es Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mr\/Ds Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mr\/Ess Firmware	< 1.073
Mitsubhishielectric	Melsec Iq-Fx5u-80mr\/Dss Firmware	< 1.073
Mitsubishielectric	Melsec Iq-Fx5uc-32mt\/Dds Firmware	< 1.270
Mitsubishielectric	Melsec Iq-Fx5uc-32mt\/Ds Firmware	< 1.270

Showing 50 of 109 affected configurations. See NVD for the full list.

References

https://jvn.jp/vu/JVNVU95926817/index.htmlThird Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01Third Party Advisory, US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdfVendor Advisory
https://jvn.jp/vu/JVNVU95926817/index.htmlThird Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01Third Party Advisory, US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdfVendor Advisory

Timeline

Published: May 18, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-25161?

How severe is CVE-2022-25161?

CVE-2022-25161 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 3.68% probability of exploitation in the next 30 days.

How do I fix CVE-2022-25161?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-25161?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST