Remote Code Execution and Denial of Service Vulnerability in Mitsubishi Electric MELSEC-Q, MELSEC-L, and MELSEC iQ-R Series

Remote Code Execution and Denial of Service Vulnerability in Mitsubishi Electric MELSEC-Q, MELSEC-L, and MELSEC iQ-R Series

CVE-2022-25163 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.

Learn more about our Web Application Penetration Testing UK.