Mitsubishi Electric FA Engineering Software (Update B)

Monitor5.5ICS-CERT ICSA-21-350-05Dec 16, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Buffer over-read and integer underflow vulnerabilities in Mitsubishi Electric FA engineering software (EZSocket, GX Works2, MELSOFT Navigator) allow denial-of-service when parsing malformed project files. Vulnerabilities are triggered when project files are read from a PLC via the Batch Read function or opened in the affected software versions.

What this means

What could happen

An attacker with access to engineering workstation files could cause a denial-of-service condition on the PLC by crafting a malicious project file that crashes the software when opened or executed.

Who's at risk

Engineering staff at electric utilities, water authorities, and energy facilities who use Mitsubishi Electric FA software tools (MELSOFT Navigator, GX Works2, EZSocket) to configure and maintain programmable logic controllers (PLCs). Impact is primarily to engineering productivity rather than immediate operational disruption, but could prevent PLC updates or configuration changes during critical periods.

How it could be exploited

An attacker could create a malicious project file and either place it on an engineering workstation or trick an operator into opening it using the "Batch Read" function. When the project file is parsed by the vulnerable software, a buffer over-read or integer underflow in the file parser causes the application to crash, disrupting engineering activities.

Prerequisites

Local access to engineering workstation file system or ability to trick user into opening a malicious file
User must open the malicious project file in affected software versions
Project file read via MELSOFT Navigator or EZSocket Batch Read function

low complexity exploitationlocal access requireduser interaction requireddenial-of-service impact

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (3)

2 with fix1 EOL

ProductAffected VersionsFix Status

EZSocket:≤ 5.4No fix (EOL)

MELSOFT Navigator:≤ 2.84N2.86Q

GX Works2:≤ 1.606G1.610L

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGEducate operators not to open project files from untrusted sources

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MELSOFT Navigator to version 2.86Q or later

HOTFIXUpdate GX Works2 to version 1.610L or later and enable the security check option [Options] -> [Project] -> [Common Setting] -> [Enable the security check for the project]

Mitigations - no patch available

0/1

EZSocket: has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGRestrict file access and access controls on engineering workstations to prevent unauthorized placement of project files

CVEs (2)

CVE-2021-20606 CVE-2021-20607

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/68373479-c8d4-4b93-9c6c-6938cb4c5a3c