OTPulse

Mitsubishi Electric MELSEC-Q Series Ethernet Module

Plan Patch | 7.5 | ICS-CERT ICSA-19-141-02 | May 21, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Mitsubishi Electric MELSEC-Q Series QJ71E71-100 Ethernet module contains a vulnerability that can render the device unresponsive, requiring physical reset of the PLC. The vulnerability affects serial numbers 20121 and prior.

What this means
What could happen
An attacker could send specially crafted network traffic to make the Ethernet module unresponsive, forcing a physical restart of the PLC and causing interruption to industrial processes until the device recovers.
Who's at risk
This affects energy companies and manufacturing facilities that use Mitsubishi Electric MELSEC-Q Series PLCs with QJ71E71-100 Ethernet modules for process control, communications, and automation. Any plant relying on these modules for continuous operation should prioritize this issue.
How it could be exploited
An attacker with network access to the Ethernet module can send malformed packets that trigger a denial-of-service condition. The module becomes unresponsive and must be physically reset, requiring on-site intervention to restore communication with the PLC.
Prerequisites
  • Network access to the Ethernet module on the plant network or exposed to the Internet
  • No authentication required to trigger the denial-of-service condition
remotely exploitable, no authentication required, low complexity, affects critical process communication, requires physical access to recover
Exploitability
Moderate exploit probability (EPSS 3.8%)
Affected products (1)
Product | Affected Versions | Fix Status
QJ71E71-100: serial number 20121 and prior | ≤ 20121 | Version 20122 or later
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict network access to the Ethernet module; allow only connections from engineering workstations and known control systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade QJ71E71-100 Ethernet module firmware to Version 20122 or later
Long-term hardening
HARDENING: Segment the PLC network from the business network to prevent external exposure; isolate MELSEC-Q devices behind a firewall boundary
HARDENING: If remote access to the PLC is required, use VPN with current security patches and strong authentication
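
An added example (not part of the advisory or OTPulse's own tooling): a Python check that combines the affected serial range with the firewall workaround above, listing observed flows that reach an affected QJ71E71-100 from a source outside the allowlist. The inventory, addresses, allowlist and flow records are constructed sample data, and it assumes the inventory stores the serial number in the same form the advisory uses.

```python
import ipaddress

# Values taken from the advisory text above.
AFFECTED_MODEL = "QJ71E71-100"
LAST_AFFECTED_SERIAL = 20121  # "serial number 20121 and prior"

# Constructed sample data (documentation address ranges, hypothetical names).
INVENTORY = [
    {"name": "line1-plc", "model": "QJ71E71-100", "serial": "20098", "ip": "192.0.2.10"},
    {"name": "line2-plc", "model": "QJ71E71-100", "serial": "20122", "ip": "192.0.2.11"},
    {"name": "hmi-gw", "model": "OTHER-MODULE", "serial": "10001", "ip": "192.0.2.12"},
]
ALLOWED_SOURCES = ["192.0.2.64/28", "198.51.100.5/32"]  # workstations, control systems
FLOWS = [  # (source IP, destination IP), e.g. from a firewall or flow export
    ("192.0.2.66", "192.0.2.10"),
    ("203.0.113.40", "192.0.2.10"),
    ("203.0.113.40", "192.0.2.11"),
    ("198.51.100.5", "192.0.2.10"),
]

def affected_modules(inventory):
    """Return inventory entries that fall in the advisory's affected range."""
    hits = []
    for item in inventory:
        if item["model"] != AFFECTED_MODEL:
            continue
        try:
            serial = int(item["serial"])
        except ValueError:
            hits.append(item)  # unreadable serial: treat as affected until checked
            continue
        if serial <= LAST_AFFECTED_SERIAL:
            hits.append(item)
    return hits

def unexpected_flows(flows, inventory, allowed_sources):
    """Return flows that reach an affected module from outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_sources]
    targets = {ipaddress.ip_address(m["ip"]): m["name"] for m in affected_modules(inventory)}
    findings = []
    for src, dst in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst_ip in targets and not any(src_ip in n for n in nets):
            findings.append((src, dst, targets[dst_ip]))
    return findings

if __name__ == "__main__":
    for src, dst, name in unexpected_flows(FLOWS, INVENTORY, ALLOWED_SOURCES):
        print(f"review: {src} -> {dst} ({name}) is not an allowlisted source")
```

A module whose serial cannot be parsed is kept in the affected list so it gets checked by hand rather than silently skipped.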