ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA

Plan PatchCVSS 7.5ICS-CERT ICSA-21-294-03Oct 21, 2021

Mitsubishi ElectricICONICSEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Successful exploitation of a stack overflow vulnerability in the OPC UA interface of ICONICS GENESIS64, MobileHMI, AnalytiX, Hyper Historian and Mitsubishi Electric MC Works64 could trigger application crashes. An attacker with network access to the OPC UA port (default 4840) of an affected device can send a crafted message to cause a denial of service. GENESIS64 versions 10.97.1 and later are not vulnerable. Other affected products have no fix available and rely on network isolation and firewall protections.

What this means

What could happen

A stack overflow in the OPC UA interface of ICONICS and Mitsubishi Electric HMI/SCADA products could allow an unauthenticated attacker on the network to crash the application and interrupt visibility and control of plant operations.

Who's at risk

Organizations running ICONICS HMI/SCADA software (GENESIS64, MobileHMI, AnalytiX, Hyper Historian) or Mitsubishi Electric MC Works64 engineering and monitoring tools in energy and manufacturing sectors. Affected devices act as the user interface and gateway for operators to monitor and control pumps, motors, valves, and other critical plant equipment.

How it could be exploited

An attacker with network access to the OPC UA port (typically 4840) of an affected HMI or gateway device can send a specially crafted OPC UA message that triggers a stack overflow. This crashes the application, denying operators access to monitoring and control functions.

Prerequisites

Network access to the OPC UA port (default 4840) of an affected ICONICS or Mitsubishi Electric device
No authentication required

remotely exploitableno authentication requiredlow complexityaffects availability of plant operationsno patch available for most products

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (5)

1 with fix4 EOL

ProductAffected VersionsFix Status

MC Works64:≤ 4.04ENo fix (EOL)

MobileHMI:≤ 10.97No fix (EOL)

AnalytiX:≤ 10.97No fix (EOL)

Hyper Historian:≤ 10.97No fix (EOL)

GENESIS64:≤ 10.9710.97.1+

Remediation & Mitigation

0/6

Do now

0/1

WORKAROUNDRestrict network access to OPC UA ports (default 4840) using firewall rules; only allow connections from trusted engineering workstations and systems

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate GENESIS64 to version 10.97.1 or later, or apply the vendor Critical Fixes Rollup package when available from ICONICS

HOTFIXApply Mitsubishi Electric Critical Fixes Rollup package when available for MC Works64

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: MC Works64:, MobileHMI:, AnalytiX:, Hyper Historian:. Apply the following compensating controls:

HARDENINGPlace control system networks and devices behind firewalls to isolate them from the business network

HARDENINGLeverage OPC UA security features and digital certificates to ensure products only connect to trusted OPC UA servers and clients

HARDENINGUse VPN for any remote access to control system devices, and keep VPN software updated to the latest version

CVEs (1)

CVE-2021-27432

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9efe46a9-e8da-4593-8133-b26ea4d847d8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.