CVE-2022-25161

Q: What is the severity of CVE-2022-25161?

CVE-2022-25161 has a CVSS score of 8.6 (HIGH). This vulnerability allows remote unauthenticated attackers to cause a denial-of-service condition in affected Mitsubishi Electric MELSEC iQ-F series PLCs by sending specially crafted packets. The attack disrupts program execution or communication, requiring a system reset for recovery. Organizations using these specific PLC models with vulnerable firmware versions are affected.

8.6 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to cause a denial-of-service condition in affected Mitsubishi Electric MELSEC iQ-F series PLCs by sending specially crafted packets. The attack disrupts program execution or communication, requiring a system reset for recovery. Organizations using these specific PLC models with vulnerable firmware versions are affected.

💻 Affected Systems

Products:

Mitsubishi Electric MELSEC iQ-F series FX5U
Mitsubishi Electric MELSEC iQ-F series FX5UC
Mitsubishi Electric MELSEC iQ-F series FX5UJ
Mitsubishi Electric MELSEC iQ-F series FX5S

Versions: FX5U/FX5UC: versions prior to 1.270 (serial 17X****+) or prior to 1.073 (serial 179****); FX5UJ: versions prior to 1.030/1.031; FX5S: version 1.000

Operating Systems: PLC firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Specific model variants affected as detailed in CVE description. Serial number ranges also determine vulnerability.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Critical industrial processes are halted, requiring physical system reset and potentially causing production downtime, safety incidents, or equipment damage.

🟠

Likely Case

PLC stops executing control logic, halting industrial processes until manual reset is performed, causing operational disruption.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to isolated control network segments.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation possible if PLCs are directly internet-accessible.

🏢 Internal Only: MEDIUM - Requires network access but no authentication, so internal attackers or malware could exploit.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Remote unauthenticated attack with specially crafted packets.

No public exploit code identified, but vulnerability details are public and exploitation appears straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FX5U/FX5UC: 1.270 or later (serial 17X****+) or 1.073 or later (serial 179****); FX5UJ: 1.030/1.031 or later; FX5S: no patch available (only version 1.000 exists)

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf

Restart Required: Yes

Instructions:

1. Download firmware update from Mitsubishi Electric website. 2. Connect to PLC via programming software. 3. Backup current program. 4. Apply firmware update. 5. Restart PLC. 6. Restore program and verify operation.

🔧 Temporary Workarounds

Network segmentation

all

Isolate PLCs in dedicated control network segments with firewall rules restricting access.

Access control lists

all

Implement network ACLs to restrict which IP addresses can communicate with PLCs.

🧯 If You Can't Patch

Implement strict network segmentation to isolate PLCs from untrusted networks
Deploy intrusion detection systems monitoring for anomalous traffic to PLCs

🔍 How to Verify

Check if Vulnerable:

Check PLC model, serial number, and firmware version via Mitsubishi Electric programming software (GX Works3).

Check Version:

Use GX Works3 'Diagnostics' -> 'System Monitor' to view firmware version

Verify Fix Applied:

Confirm firmware version is patched via programming software and test communication resilience.

📡 Detection & Monitoring

Log Indicators:

PLC error logs showing communication faults
Unexpected PLC stop/reset events

Network Indicators:

Unusual traffic patterns to PLC ports
Malformed packets targeting PLC IP addresses

SIEM Query:

source_ip=* dest_ip=PLC_IP AND (packet_size_anomaly OR protocol_violation)

📊 Metadata

CVE ID: CVE-2022-25161

CVSS v3 Score: 8.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE: CWE-20

Published: May 18, 2022

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/vu/JVNVU95926817/index.html Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf Vendor Advisory
https://jvn.jp/vu/JVNVU95926817/index.html Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Melsec Iq Fx5s 30mr\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 30mr\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5s 30mt\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 30mt\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5s 40mr\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 40mr\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5s 40mt\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 40mt\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5s 60mr\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 60mr\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5s 60mt\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 60mt\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5s 80mr\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 80mr\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5s 80mt\/es Firmware by Mitsubishielectric

Melsec Iq Fx5s 80mt\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mr\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mr\/ds Firmware by Mitsubhishielectric

Melsec Iq Fx5u 32mr\/dss Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mr\/dss Firmware by Mitsubhishielectric

Melsec Iq Fx5u 32mr\/es Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mr\/es Firmware by Mitsubhishielectric

Melsec Iq Fx5u 32mr\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mr\/ess Firmware by Mitsubhishielectric

Melsec Iq Fx5u 32mt\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mt\/ds Firmware by Mitsubhishielectric

Melsec Iq Fx5u 32mt\/dss Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mt\/dss Firmware by Mitsubhishielectric

Melsec Iq Fx5u 32mt\/es Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mt\/es Firmware by Mitsubhishielectric

Melsec Iq Fx5u 32mt\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5u 32mt\/ess Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mr\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mr\/ds Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mr\/dss Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mr\/dss Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mr\/es Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mr\/es Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mr\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mr\/ess Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mt\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mt\/ds Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mt\/dss Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mt\/dss Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mt\/es Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mt\/es Firmware by Mitsubhishielectric

Melsec Iq Fx5u 64mt\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5u 64mt\/ess Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mr\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mr\/ds Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mr\/dss Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mr\/dss Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mr\/es Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mr\/es Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mr\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mr\/ess Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mt\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mt\/ds Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mt\/dss Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mt\/dss Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mt\/es Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mt\/es Firmware by Mitsubhishielectric

Melsec Iq Fx5u 80mt\/ess Firmware by Mitsubishielectric

Melsec Iq Fx5u 80mt\/ess Firmware by Mitsubhishielectric

Melsec Iq Fx5uc 32mr\/dds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mr\/dds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mr\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mr\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mr\/ds Ts Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mt\/dds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mt\/dds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mt\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mt\/ds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mt\/ds Ts Firmware by Mitsubishielectric

Melsec Iq Fx5uc 32mt\/dss Ts Firmware by Mitsubishielectric

Melsec Iq Fx5uc 64mr\/dds Firmware by Mitsubishielectric

Melsec Iq Fx5uc 64mr\/dds Firmware by Mitsubishielectric