CVE-2022-24946

7.5 HIGH

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to cause denial of service (DoS) conditions in Mitsubishi Electric PLCs and industrial controllers by sending specially crafted packets. Affected systems require a physical reset to recover. The vulnerability impacts multiple MELSEC and MELIPC series products used in industrial automation.

💻 Affected Systems

Products:
  • Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V
  • Mitsubishi Electric MELSEC-Q Series Q03UDECPU
  • Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU
  • Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU
  • Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU
  • Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V
  • Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G)
  • Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS
  • Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P)
  • Mitsubishi Electric MELSEC-L series L26CPU-(P)BT
  • Mitsubishi Electric MELIPC Series MI5122-VW
Versions: See serial number and firmware version restrictions in CVE description
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects specific serial number ranges and firmware versions. Check exact product models against vendor advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete disruption of industrial processes requiring physical system reset, potentially causing production downtime, safety incidents, or equipment damage.

🟠 Likely Case: Temporary disruption of Ethernet communications leading to process interruptions until manual reset is performed.

🟢 If Mitigated: Limited impact if systems are isolated in segmented networks with proper access controls.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation possible from internet-facing systems.
🏢 Internal Only: MEDIUM - Requires network access but no authentication, so internal threats remain significant.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Crafting malicious packets requires an understanding of the protocol, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Mitsubishi Electric for specific firmware updates

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-007_en.pdf

Restart Required: Yes

Instructions:

1. Contact Mitsubishi Electric support for firmware updates.
2. Schedule maintenance window.
3. Backup configuration.
4. Apply firmware update.
5. Test functionality.
6. Document changes.

🔧 Temporary Workarounds

  • Network segmentation (all): Isolate affected devices in separate VLANs with strict firewall rules
  • Access control lists (all): Implement network ACLs to restrict communication to trusted sources only

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access
  • Monitor network traffic for anomalous patterns and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check product model, serial number, and firmware version against vendor advisory specifications

Check Version:

Use Mitsubishi Electric programming software or check device configuration

Verify Fix Applied:

Verify firmware version has been updated beyond vulnerable versions listed in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device resets
  • Communication timeouts
  • Ethernet interface errors

Network Indicators:

  • Unusual packet patterns to PLC ports
  • Traffic from untrusted sources to industrial devices

SIEM Query:

Search for: (device_type:plc OR device_type:scada) AND (event_type:reset OR event_type:timeout) AND source_ip NOT IN trusted_networks
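
The query above written out as runnable detection logic. This is an added example, not part of the original page or the vendor advisory: the field names follow the query, while the trusted CIDR ranges, the sample events and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only networks allowed to talk to controllers (constructed values).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.1.0/28")]
DEVICE_TYPES = {"plc", "scada"}
EVENT_TYPES = {"reset", "timeout"}
FIELDS = ("ts", "device", "device_type", "event_type", "source_ip")

# Constructed sample events, one tuple per event in FIELDS order.
SAMPLE_EVENTS = [
    ("2022-06-01T08:00:02Z", "line1-plc", "plc", "timeout", "10.20.0.15"),    # trusted source
    ("2022-06-01T08:03:10Z", "line1-plc", "plc", "reset", "192.0.2.44"),      # match
    ("2022-06-01T08:03:40Z", "line1-plc", "plc", "timeout", "192.0.2.44"),    # match
    ("2022-06-01T08:04:00Z", "hmi-02", "hmi", "reset", "192.0.2.44"),         # device type not watched
    ("2022-06-01T08:05:00Z", "scada-gw", "scada", "login", "198.51.100.7"),   # event type not watched
    ("2022-06-01T08:06:00Z", "line2-plc", "PLC", "reset", ""),                # no source recorded
    ("2022-06-01T08:07:00Z", "line2-plc", "plc", "timeout", "10.20.1.20"),    # just outside the /28
]

def is_trusted(source_ip):
    """True only when source_ip parses and falls inside a trusted network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # missing or malformed source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def match_events(events):
    """Apply the query's three conditions and group the hits by device."""
    hits = defaultdict(list)
    for row in events:
        ev = dict(zip(FIELDS, row))
        if (ev["device_type"].lower() in DEVICE_TYPES
                and ev["event_type"].lower() in EVENT_TYPES
                and not is_trusted(ev["source_ip"])):
            hits[ev["device"]].append(ev)
    return dict(hits)

if __name__ == "__main__":
    for device, evs in match_events(SAMPLE_EVENTS).items():
        sources = sorted({e["source_ip"] or "<missing>" for e in evs})
        print(f"{device}: {len(evs)} reset/timeout event(s), untrusted sources {sources}")
```

Matching on CIDR membership rather than string prefixes is what catches the last sample event, whose address looks internal but sits outside the trusted /28.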
