VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 23, 2022· Updated Sep 5, 2024

Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series

CVE-2022-33324

Description

Improper resource shutdown in Mitsubishi Electric MELSEC iQ-R/L and MELIPC series allows remote unauthenticated attackers to cause Ethernet DoS via specially crafted packets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper resource shutdown in Mitsubishi Electric MELSEC iQ-R/L and MELIPC series allows remote unauthenticated attackers to cause Ethernet DoS via specially crafted packets.

Vulnerability

An improper resource shutdown or release vulnerability (CWE-404) exists in the Ethernet communication port of multiple Mitsubishi Electric CPU modules. Affected products include MELSEC iQ-R Series R00/01/02CPU firmware versions "32" and prior, R04/08/16/32/120(EN)CPU firmware versions "65" and prior, R08/16/32/120SFCPU firmware versions "29" and prior, R08/16/32/120PSFCPU firmware versions "08" and prior, R12CCPU-V firmware versions "17" and prior; MELSEC iQ-L Series L04/08/16/32HCPU firmware versions "05" and prior; and MELIPC Series MI5122-VW firmware versions "07" and prior [1][2]. The vulnerability is triggered when the module receives specially crafted packets over Ethernet.

Exploitation

An attacker can exploit this vulnerability remotely without authentication or user interaction. The attacker sends specially crafted packets to the Ethernet port of an affected module. No special network position is required beyond network access to the device. The attack complexity is low [2].

Impact

Successful exploitation causes a denial-of-service (DoS) condition in the module's Ethernet communication. The module becomes unresponsive to network traffic, requiring a system reset (power cycle or hardware reset) to restore normal operation [1][2]. No other impact (e.g., data corruption or code execution) has been reported.

Mitigation

Mitsubishi Electric has released firmware updates to address this vulnerability. Users should update to the latest firmware versions as specified in the vendor advisories [1][2]. For MELSEC iQ-R series, firmware versions after the affected ones are available; for MELSEC iQ-L and MELIPC series, similar updates exist. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

References
  1. JVNVU#96883262: 三菱電機製MELSEC iQ-RおよびiQ-Lシリーズ、MELIPCシリーズのEthernetポートにおけるリソースの不適切なシャットダウンおよびリリースの脆弱性
  2. Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update E) | CISA

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

30
  • Mitsubishielectric/MELIPC Series MI5122-VWllm-create2 versions
    <=07+ 1 more
    • (no CPE)range: <=07
    • (no CPE)range: Firmware versions "07" and prior
  • Mitsubishielectric/MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Partllm-fuzzy
    Range: <=65
  • Mitsubishielectric/MELSEC iQ-R Seriesllm-fuzzy27 versions
    <=32+ 26 more
    • (no CPE)range: <=32
    • (no CPE)range: Firmware versions "05" and prior
    • (no CPE)range: Firmware versions "05" and prior
    • (no CPE)range: Firmware versions "05" and prior
    • (no CPE)range: Firmware versions "05" and prior
    • (no CPE)range: Firmware versions "32" and prior
    • (no CPE)range: Firmware versions "32" and prior
    • (no CPE)range: Firmware versions "32" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "08" and prior
    • (no CPE)range: Firmware versions "29" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "08" and prior
    • (no CPE)range: Firmware versions "29" and prior
    • (no CPE)range: Firmware versions "17" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "08" and prior
    • (no CPE)range: Firmware versions "29" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "65" and prior
    • (no CPE)range: Firmware versions "08" and prior
    • (no CPE)range: Firmware versions "29" and prior

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.