Main Vulnerability Database SB2022062222

SB2022062222 - Denial of service in Mitsubishi Electric MELSEC Q and L Series

Published: June 22, 2022

Security Bulletin ID SB2022062222

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Origin validation error (CVE-ID: CVE-2022-24946)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource locking. A remote attacker can send a specially crafted packet and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

MELSEC-Q Q03UDECPU: All versions
MELSEC iQ-Q 04 UDEHCPU: All versions
MELSEC iQ-Q 06 UDEHCPU: All versions
MELSEC iQ-Q 10 UDEHCPU: All versions
MELSEC iQ-Q 13 UDEHCPU: All versions
MELSEC iQ-Q 20 UDEHCPU: All versions
MELSEC iQ-Q 26 UDEHCPU: All versions
MELSEC iQ-Q 50 UDEHCPU: All versions
MELSEC iQ-Q 100 UDEHCPU: All versions
MELSEC iQ-Q 03 UDVCPU: 24051 and previous versions
MELSEC iQ-Q 04 UDVCPU: 24051 and previous versions
MELSEC iQ-Q 06 UDVCPU: 24051 and previous versions
MELSEC iQ-Q 13 UDVCPU: 24051 and previous versions
MELSEC iQ-Q 26 UDVCPU: 24051 and previous versions
MELSEC iQ-Q 04 UDPVCPU: 24051 and previous versions
MELSEC iQ-Q 06 UDPVCPU: 24051 and previous versions
MELSEC iQ-Q 13 UDPVCPU: 24051 and previous versions
MELSEC iQ-Q 26 UDPVCPU: 24051 and previous versions
MELSEC L Series L26CPU-(P)BT: 24051 and previous versions
MELSEC L Series L26CPU(-P): 24051 and previous versions
MELSEC L Series L02CPU(-P): 24051 and previous versions
MELSEC L Series L06CPU(-P): 24051 and previous versions

SB2022062222 - Denial of service in Mitsubishi Electric MELSEC Q and L Series

Breakdown by Severity

Description

Remediation

References

Please verify you're human