CVE-2022-40265 - Vulnerability Details

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Mitsubishielectric	R04encpu R04encpu Firmware R08encpu R08encpu Firmware R120encpu R120encpu Firmware R16encpu R16encpu Firmware R32encpu R32encpu Firmware Rj71en71 Rj71en71 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:rj71en71_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rj71en71:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:r04encpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:r08encpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:r16encpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishielectric:r32encpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishielectric:r120encpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU94702422
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf

History

Thu, 24 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2022-11-30T00:04:43.069Z

Updated: 2025-04-24T18:45:03.895Z

Reserved: 2022-09-08T19:40:16.931Z

Link: CVE-2022-40265

Vulnrichment

Updated: 2024-08-03T12:14:40.016Z

NVD

Status : Modified

Published: 2022-11-30T01:15:09.873

Modified: 2024-11-21T07:21:09.477

Link: CVE-2022-40265

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object