CVE-2022-40265 HIGH

CVE-2022-40265: Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module

Vendor Mitsubishi Electric Corporation

Product MELSEC iQ-R Series RJ71EN71

Weakness CWE-20 · Input validation

Published November 30, 2022

Last update April 24, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.

Key dates

02Disclosure timeline

November 30, 2022 CVE published

April 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40265 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2022-40265

CWE CWE-20

CVSS 8.6 / HIGH

Affected versions

Vendor Mitsubishi Electric Corporation

Product MELSEC iQ-R Series RJ71EN71

Affected Firmware version "65" and prior

Vendor Mitsubishi Electric Corporation

Product MELSEC iQ-R Series R04/08/16/32/120ENCPU

Affected Network Part Firmware version "65" and prior

CVE-2022-40265: Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module

01Description

02Disclosure timeline

03References

04Related CVE