mitsubishielectric q03udecpu_firmware 加锁机制不恰当

admin

0
文章

0
评论

2023-11-30 07:19:37 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

mitsubishielectric q03udecpu_firmware 加锁机制不恰当

CVE编号

CVE-2022-24946

利用情况

暂无

补丁情况

N/A

披露时间

2022-06-16

漏洞描述

Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC-Q Series Q03UDECPU all versions, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number "24051" and prior and Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number "24051" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://jvn.jp/vu/JVNVU90895626/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-007_en.pdf

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	mitsubishielectric	l02/06/26cpu-p_firmware	-	-
	运行在以下环境
	系统	mitsubishielectric	l26cpu-(p)bt_firmware	-	-
	运行在以下环境
	系统	mitsubishielectric	q03/04/06/13/26udvcpu_firmware	-	-
	运行在以下环境
	系统	mitsubishielectric	q03udecpu_firmware	-	-
	运行在以下环境
	系统	mitsubishielectric	q04/06/10/13/20/26/50/100udehcpu_firmware	-	-
	运行在以下环境
	系统	mitsubishielectric	q04/06/13/26udpvcpu_firmware	-	-
	运行在以下环境
	硬件	mitsubishielectric	l02/06/26cpu-p	-	-
	运行在以下环境
	硬件	mitsubishielectric	l26cpu-(p)bt	-	-
	运行在以下环境
	硬件	mitsubishielectric	q03/04/06/13/26udvcpu	-	-
	运行在以下环境
	硬件	mitsubishielectric	q03udecpu	-	-
	运行在以下环境
	硬件	mitsubishielectric	q04/06/10/13/20/26/50/100udehcpu	-	-
	运行在以下环境
	硬件	mitsubishielectric	q04/06/13/26udpvcpu	-	-