CVE-2022-24946

high

Published 2022-06-15 · Modified 2026-06-02

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.5

Description

Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V all versions, Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G) all versions, Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS all versions, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number "24051" and prior and Mitsubishi Electric MELIPC Series MI5122-VW firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery.

Predictions

Exploit likelihood

83%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
mitsubishielectric	q03udecpu	`-`
mitsubishielectric	q04udehcpu	`-`
mitsubishielectric	q04udpvcpu	`-`
mitsubishielectric	q04udvcpu	`-`
mitsubishielectric	q100udehcpu	`-`
mitsubishielectric	q50udehcpu	`-`
mitsubishielectric	q26dhccpu-ls	`-`
mitsubishielectric	q26udehcpu	`-`
mitsubishielectric	q26udpvcpu	`-`
mitsubishielectric	q26udvcpu	`-`
mitsubishielectric	q20udehcpu	`-`
mitsubishielectric	q13udehcpu	`-`
mitsubishielectric	q13udpvcpu	`-`
mitsubishielectric	q13udvcpu	`-`
mitsubishielectric	q10udehcpu	`-`
mitsubishielectric	q06ccpu-v	`-`
mitsubishielectric	q06phcpu	`-`
mitsubishielectric	q06udehcpu	`-`
mitsubishielectric	q06udpvcpu	`-`
mitsubishielectric	q06udvcpu	`-`
mitsubishielectric	l02cpu	`-`
mitsubishielectric	l02cpu-p	`-`
mitsubishielectric	l02scpu	`-`
mitsubishielectric	l02scpu-p	`-`
mitsubishielectric	l06cpu	`-`
mitsubishielectric	l06cpu-p	`-`
mitsubishielectric	l26cpu	`-`
mitsubishielectric	l26cpu-\(p\)bt	`-`
mitsubishielectric	l26cpu-bt	`-`
mitsubishielectric	l26cpu-bt-cm	`-`
mitsubishielectric	l26cpu-p	`-`
mitsubishielectric	l26cpu-pbt	`-`

References

CWEs

CWE-667 CWE-413

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.