Mitsubishi Electric MELSEC-F Series

Plan Patch7.5ICS-CERT ICSA-22-013-07Jan 13, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A flaw in the packet handling logic of Mitsubishi Electric MELSEC-F ethernet modules (FX3U-ENET, FX3U-ENET-L, FX3U-ENET-P502) allows an unauthenticated attacker on the network to send specially crafted packets that cause the module to become unresponsive, resulting in a denial-of-service condition. The vulnerability affects firmware versions 1.16 and earlier. The ethernet module will not respond to legitimate commands or communication until restarted.

What this means

What could happen

An attacker could send crafted network packets to the ethernet module, causing it to stop responding to legitimate network commands, which would interrupt communication between the PLC and your engineering workstations, SCADA systems, and field devices.

Who's at risk

Energy sector operators using Mitsubishi Electric MELSEC-F series PLCs with ethernet modules (FX3U-ENET, FX3U-ENET-L, FX3U-ENET-P502) for process control, especially in generation, distribution, or water treatment facilities where network outages could disrupt operations.

How it could be exploited

An attacker on the network sends malformed packets to the ethernet module's network port (likely port 502 for Modbus or the device's native communication port). The module fails to validate the packet structure properly, crashes or hangs, and stops responding to all network traffic until manually restarted.

Prerequisites

Network access to the ethernet module on its communication port
No credentials or authentication required

remotely exploitableno authentication requiredlow complexitycauses denial of serviceaffects industrial automation systems

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

FX3U-ENET: Firmware≤ 1.161.17 or later

FX3U-ENET-L: Firmware≤ 1.161.17 or later

FX3U-ENET-P502: Firmware≤ 1.161.17 or later

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDBlock untrusted network access to the ethernet module using firewall rules or network segmentation; restrict to known engineering workstations and SCADA servers only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade FX3U-ENET, FX3U-ENET-L, and FX3U-ENET-P502 firmware to version 1.17 or later

Long-term hardening

0/1

HARDENINGIf internet connectivity is required for the PLC, use a VPN or firewall to isolate it from direct exposure to public networks

CVEs (1)

CVE-2021-20613

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/47133c99-84fb-48a8-aef5-e4c610956e06