Vulnerabilities > CVE-2022-24946 - Improper Locking vulnerability in Mitsubishielectric products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

mitsubishielectric

CWE-667

NVD

Published: 2022-06-15

Updated: 2022-08-19

Summary

Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V all versions, Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G) all versions, Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS all versions, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number "24051" and prior and Mitsubishi Electric MELIPC Series MI5122-VW firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric Q03Udecpu Firmware - Mitsubishielectric Q04Udehcpu Firmware - Mitsubishielectric Q04Udpvcpu Firmware - Mitsubishielectric Q04Udvcpu Firmware - Mitsubishielectric Q100Udehcpu Firmware - Mitsubishielectric Q50Udehcpu Firmware - Mitsubishielectric Q26Dhccpu LS Firmware - Mitsubishielectric Q26Udehcpu Firmware - Mitsubishielectric Q26Udpvcpu Firmware - Mitsubishielectric Q26Udvcpu Firmware - Mitsubishielectric Q20Udehcpu Firmware - Mitsubishielectric Q13Udehcpu Firmware - Mitsubishielectric Q13Udpvcpu Firmware - Mitsubishielectric Q13Udvcpu Firmware - Mitsubishielectric Q10Udehcpu Firmware - Mitsubishielectric Q06Ccpu V Firmware - Mitsubishielectric Q06Phcpu Firmware - Mitsubishielectric Q06Udehcpu Firmware - Mitsubishielectric Q06Udpvcpu Firmware - Mitsubishielectric Q06Udvcpu Firmware - Mitsubishielectric L02Cpu Firmware - Mitsubishielectric L02Cpu P Firmware - Mitsubishielectric L02Scpu Firmware - Mitsubishielectric L02Scpu P Firmware - Mitsubishielectric L06Cpu Firmware - Mitsubishielectric L06Cpu P Firmware - Mitsubishielectric L26Cpu Firmware - Mitsubishielectric L26Cpu (P)Bt Firmware - Mitsubishielectric L26Cpu BT Firmware - Mitsubishielectric L26Cpu BT CM Firmware - Mitsubishielectric L26Cpu P Firmware - Mitsubishielectric L26Cpu PBT Firmware -	32
Hardware	Mitsubishielectric Mitsubishielectric Q03Udecpu - Mitsubishielectric Q04Udehcpu - Mitsubishielectric Q04Udpvcpu - Mitsubishielectric Q04Udvcpu - Mitsubishielectric Q100Udehcpu - Mitsubishielectric Q50Udehcpu - Mitsubishielectric Q26Dhccpu LS - Mitsubishielectric Q26Udehcpu - Mitsubishielectric Q26Udpvcpu - Mitsubishielectric Q26Udvcpu - Mitsubishielectric Q20Udehcpu - Mitsubishielectric Q13Udehcpu - Mitsubishielectric Q13Udpvcpu - Mitsubishielectric Q13Udvcpu - Mitsubishielectric Q10Udehcpu - Mitsubishielectric Q06Ccpu V - Mitsubishielectric Q06Phcpu - Mitsubishielectric Q06Udehcpu - Mitsubishielectric Q06Udpvcpu - Mitsubishielectric Q06Udvcpu - Mitsubishielectric L02Cpu - Mitsubishielectric L02Cpu P - Mitsubishielectric L02Scpu - Mitsubishielectric L02Scpu P - Mitsubishielectric L06Cpu - Mitsubishielectric L06Cpu P - Mitsubishielectric L26Cpu - Mitsubishielectric L26Cpu (P)Bt - Mitsubishielectric L26Cpu BT - Mitsubishielectric L26Cpu BT CM - Mitsubishielectric L26Cpu P - Mitsubishielectric L26Cpu PBT -	32

Common Weakness Enumeration (CWE)

CWE-667 - Improper Locking

Common Attack Pattern Enumeration and Classification (CAPEC)

Leveraging Race Conditions
This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Race Conditions via Symbolic Links
This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to her. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file she will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References