OTPulse

Mitsubishi Electric MELSEC

Monitor | 5.3 | ICS-CERT ICSA-20-091-02 | Mar 31, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and F series PLCs allows an attacker to send malicious network traffic that causes the device to become unresponsive. The vulnerability has a CVSS score of 5.3 (medium) and a CWE-400 classification indicating improper resource consumption. Mitsubishi Electric has not released a patch and recommends using firewall and IP filtering controls instead.

What this means
What could happen
An attacker could send specially crafted network traffic to render a MELSEC PLC unresponsive, causing loss of control over critical process operations until the device is manually restarted.
Who's at risk
Operators of Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and F series PLCs in energy and water utilities should be aware of this vulnerability. Any organization using these controllers for critical process automation is affected.
How it could be exploited
An attacker on the network sends malformed traffic to the MELSEC device on its network interface. The device fails to handle the malicious input correctly, consuming resources and becoming unresponsive to legitimate commands from engineering workstations or SCADA systems.
Prerequisites
  • Network access to the MELSEC device (typically Ethernet port 502 or 9201)
  • Device must be reachable from attacker's network location
  • No credentials required
remotely exploitable, no authentication required, low complexity, no patch available, affects process availability
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product: MELSEC iQ-R iQ-F Q L and F series: all versions
Affected Versions: All versions
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Install a firewall between the PLC network and any untrusted networks to block unsolicited inbound traffic
WORKAROUND: Enable the IP filter function on the MELSEC device to restrict which IP addresses can connect to it
HARDENING: Minimize internet exposure for all MELSEC devices; ensure they are not directly reachable from the internet
Mitigations - no patch available
The MELSEC iQ-R, iQ-F, Q, L, and F series (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the PLC network from the business network; place control system devices behind an industrial firewall
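
One way to check that the firewall, IP filter and segmentation controls above are holding is to audit flow records for sources that reach PLC ports from outside the approved set. This is an added example, not part of the advisory or any vendor tooling; the subnet, allowlist addresses and flow-log format are assumptions, and only ports 502 and 9201 come from the prerequisites listed above.

```python
"""Added example: flag flows to MELSEC PLC ports from sources outside the
intended IP-filter / firewall allowlist."""
import ipaddress
from collections import defaultdict

# Ports the advisory lists as typical for MELSEC network access.
PLC_PORTS = {502, 9201}

# Assumed site policy (hypothetical addresses): PLC subnet and permitted sources.
PLC_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.0.10/32"),  # engineering workstation
    ipaddress.ip_network("10.20.1.0/28"),   # SCADA servers
]

# Constructed sample flow log, one record per line: "src dst dport proto"
SAMPLE_FLOWS = """\
10.20.0.10 10.20.0.50 9201 tcp
10.20.1.5 10.20.0.50 502 tcp
192.168.7.23 10.20.0.50 502 tcp
192.168.7.23 10.20.0.51 9201 udp
10.20.1.5 10.20.0.50 443 tcp
203.0.113.9 10.20.0.51 502 tcp
garbage line
"""

def audit_flows(text):
    """Return {plc_ip: sorted [(src_ip, port), ...]} for disallowed flows."""
    findings = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue  # unparsable address or port
        if dst not in PLC_NET or port not in PLC_PORTS:
            continue  # not traffic to a PLC service port
        if not any(src in net for net in ALLOWED_SOURCES):
            findings[str(dst)].add((str(src), port))
    return {plc: sorted(hits) for plc, hits in findings.items()}

if __name__ == "__main__":
    for plc, sources in audit_flows(SAMPLE_FLOWS).items():
        print(plc, "reached by unapproved sources:", sources)
```

Any finding means a source outside the allowlist can reach a PLC service port, so the firewall rule set or the device's IP filter entries need review.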