Mitsubishi Electric Factory Automation Products

Plan Patch8.8ICS-CERT ICSA-23-122-01May 2, 2023

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Multiple Intel processor side-channel vulnerabilities (CVE-2020-8670, CVE-2020-24489, CVE-2020-24512, CVE-2021-0127, CVE-2021-0146, CVE-2021-0086, CVE-2021-0089, CVE-2021-33150, CVE-2022-0002) are present in Mitsubishi Electric factory automation products that use Intel CPUs. These vulnerabilities allow privilege escalation, unauthorized parameter disclosure, and denial-of-service conditions. Affected products include MELIPC edge controllers (all versions) and MELSEC Q-series and iQ-R series programmable logic controllers (all versions). No vendor patches are available. Exploitation requires local physical access to the device and valid local user credentials. The vulnerabilities are not remotely exploitable.

What this means

What could happen

An attacker with local physical access to a Mitsubishi PLC or edge controller could escalate privileges to run arbitrary commands, view protected configuration data, or halt production operations. These are foundational systems that control manufacturing lines and industrial processes.

Who's at risk

Energy sector facilities running Mitsubishi factory automation controllers—specifically MELIPC edge/IPC series (MI5122-VM, MI1002-W, MI2012-W, MI3321G-W, MI3315G-W) and MELSEC programmable logic controller series (iQ-R R102WCPU-W, Q24DHCCPU variants, Q26DHCCPU-LS)—that rely on these devices to manage plant operations, safety interlocks, or critical process control.

How it could be exploited

An attacker would need to gain physical access to the device and log in with a valid local user account. Once authenticated locally, they could exploit Intel processor side-channel vulnerabilities present in the device's CPU to escalate to higher privilege levels and execute system commands or extract sensitive parameter information.

Prerequisites

Physical access to the device
Valid local user account credentials
Local login capability (console, serial port, or direct system access)

No patch availableRequires local physical accessValid user credentials requiredAffects industrial control systems used in energy sectorHigh CVSS score (8.8)

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (10)

10 EOL

ProductAffected VersionsFix Status

MELIPC MI5122-VM: *All versionsNo fix (EOL)

MELIPC MI1002-W: *All versionsNo fix (EOL)

MELIPC MI2012-W: *All versionsNo fix (EOL)

MELIPC MI3321G-W: *All versionsNo fix (EOL)

MELIPC MI3315G-W: *All versionsNo fix (EOL)

MELSEC iQ-R R102WCPU-W: *All versionsNo fix (EOL)

MELSEC Q Q24DHCCPU-V: *All versionsNo fix (EOL)

MELSEC Q Q24DHCCPU-VG: *All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict physical access to affected Mitsubishi controllers and terminals to authorized personnel only; implement physical security controls such as locked cabinets, restricted-access control rooms, or perimeter fencing around machinery.

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGReview and audit local user accounts on affected devices; remove or disable unused accounts and enforce strong, unique passwords for all local system accounts.

HARDENINGIsolate affected devices on a physically or logically separate network segment; limit console and local login access to trusted engineering workstations only via jump servers or bastion hosts if remote access is required.

HARDENINGMonitor access logs and authentication attempts on affected devices for unauthorized login attempts or privilege escalation attempts; configure alerts for failed local login events.

CVEs (9)

CVE-2022-0002 CVE-2021-33150 CVE-2021-0127 CVE-2021-0086 CVE-2021-0089 CVE-2021-0146 CVE-2020-24512 CVE-2020-8670 CVE-2020-24489

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4027b626-15ad-4ccc-958f-0d76d85e183a