Mitsubishi Electric MELSEC iQ-R Series

Plan Patch8.6ICS-CERT ICSA-22-335-01Dec 1, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in Mitsubishi Electric MELSEC iQ-R Series controllers allows a remote unauthenticated attacker to send specially crafted packets that cause a denial-of-service condition by crashing the network interface. The affected products are: RJ71EN71 Ethernet module (firmware version 65 and earlier) and R04/08/16/32/120ENCPU processors (network part firmware version 65 and earlier). The vulnerability lacks input validation on incoming network packets (CWE-20).

What this means

What could happen

An attacker could send specially crafted network packets to crash or disable the controller's network interface, stopping communication between the PLC and remote monitoring systems or other connected devices and potentially halting production.

Who's at risk

Water authorities and electric utilities using Mitsubishi Electric MELSEC iQ-R series controllers (RJ71EN71 Ethernet modules or R04/08/16/32/120ENCPU processors) for remote I/O, communication, or any networked control applications should assess their exposure. Any facility where loss of controller network connectivity would disrupt operations is at risk.

How it could be exploited

An unauthenticated attacker on the network sends malformed packets to the controller's Ethernet port (port 502 for MELSEC). The controller lacks input validation, causing it to become unavailable. No credentials or special network position is required—the attacker only needs network reachability to the device.

Prerequisites

Network access to the MELSEC iQ-R controller on Ethernet
No authentication required
Controller firmware version 65 or earlier

remotely exploitableno authentication requiredlow complexitydenial of service impact on control operationshigh CVSS score (8.6)

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

MELSEC iQ-R Series - RJ71EN71: Firmware≤ 6566 or later

MELSEC iQ-R Series - R04/08/16/32/120ENCPU: Network part firmware≤ 6566 or later

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDEnable and configure IP filter function to restrict which IP addresses can reach the controller

WORKAROUNDDeploy firewall rules to block untrusted external access to the controller's Ethernet port

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RJ71EN71 firmware to version 66 or later

HOTFIXUpdate R04/08/16/32/120ENCPU network part firmware to version 66 or later

Long-term hardening

0/2

HARDENINGIsolate the MELSEC iQ-R controller behind a firewall from the Internet and untrusted networks

HARDENINGUse a VPN for any required remote access to the controller

CVEs (1)

CVE-2022-40265

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d0412d64-8dd3-44cd-b424-702b6e0380e0