Cyber Resilience

CVE-2022-25162

Medium

Published: 18 May 2022

Published
18 May 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score 0.0024 46.7th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-25162 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Mitsubishielectric Melsec Iq-Fx5Uc-32Mt\/Dds Firmware. Its CVSS base score is 5.3 (Medium).

Operationally, ranked at the 46.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior…

more

and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mitsubishielectric
melsec iq-fx5u-32mt\/es firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-32mt\/ds firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-32mt\/ess firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-32mt\/dss firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-32mr\/es firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-32mr\/ds firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-32mr\/ess firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-32mr\/dss firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-64mt\/es firmware
≤ 1.270
mitsubishielectric
melsec iq-fx5u-64mt\/ds firmware
≤ 1.270
+87 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

addresses: CWE-20

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

addresses: CWE-20

Directly implements checks on information inputs to reject invalid data before processing.

addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References