PT-2021-15: Denial of Service when Processing File with Incorrect Header Content in FX5U(C) CPU and FX5UJ CPU modules

MEDIUM
(5.3) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerable software

FX5U(C) CPU and FX5UJ CPU modules

Severity level

Severity level: Medium
Impact: Denial of Service when Processing File with Incorrect Header Content in FX5U(C) CPU and FX5UJ CPU modules
Access Vector: Remote

CVSS v3.0
Base Score: 5,3
Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVE-2022-25162

Vulnerability description:

The vulnerability of the FX5U(C) CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with processing file with incorrect header content. Exploitation of the vulnerability allows an attacker to implement a Denial of Service when creating a file with a nonstandard structure and writing an incorrect header to it.

Advisory status

15.12.2021 - Vendor gets vulnerability details
17.05.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf)

Credits

The vulnerability was detected by Anton Dorfman (Positive Technologies)

Identifier:
CVE-2022-25162
Vendor:
Mitsubishi Electric
Vulnerable product:
FX5U(C) CPU and FX5UJ CPU modules

Get in touch

Fill in the form and our specialists
will contact you shortly