OTPulse

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)

Monitor | 6.5 | ICS-CERT ICSA-23-278-03 | Oct 5, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch models NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4 (firmware version 05 and earlier) contain vulnerabilities that allow disclosure of stored information via specially crafted packets (CWE-208, CWE-415) and denial-of-service via malicious certificate import. The information disclosure does not require authentication. The DoS attack requires a legitimate user to import a specially crafted certificate file. CVSS v3.0 score is 6.5 (medium severity).

What this means
What could happen
An attacker could leak sensitive information from the switch or trick a legitimate user into importing a malicious certificate, causing the device to stop responding to legitimate network traffic. This could interrupt real-time communication across your CC-Link IE TSN industrial network.
Who's at risk
Energy utilities and manufacturing plants using Mitsubishi Electric CC-Link IE TSN managed switches (models NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4) for real-time industrial network communication should prioritize this update. These switches are critical infrastructure nodes for synchronizing devices across production or grid control networks.
How it could be exploited
An attacker on your network could send specially crafted packets to the switch to extract stored information, or trick an authorized user into importing a fake certificate through a phishing email or malicious file, triggering a denial-of-service condition that halts communication between connected industrial devices.
Prerequisites
  • Network access to the switch (port 80 or 443 for web interface, or direct packet access)
  • User interaction required for certificate import attack (legitimate user must import attacker-controlled certificate file)
  • Physical access to network containing the switch for some attack vectors
  • Remotely exploitable
  • No authentication required for information disclosure attack
  • Low attack complexity
  • No patch available for older firmware versions
  • Affects industrial network infrastructure
  • Requires user interaction for DoS variant
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
CC-Link IE TSN Industrial Managed Switch NZ2MHG-TSNT8F2 | ≤ firmware 05 | firmware version 06 or later
CC-Link IE TSN Industrial Managed Switch NZ2MHG-TSNT4 | ≤ firmware 05 | firmware version 06 or later
Remediation & Mitigation
Do now
HARDENING: Change default username and password on the switch web interface immediately after login, using Account Management in the function menu
HARDENING: Set proper access permissions and roles for all users to restrict who can perform administrative actions like importing certificates
WORKAROUND: Block network access from untrusted sources and the internet to the switch using firewall rules; keep the device within your LAN only
WORKAROUND: If internet access is required for remote management, use a VPN to encrypt and authenticate all connections to the switch
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CC-Link IE TSN Industrial Managed Switch NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4 to firmware version 06 or later
Long-term hardening
HARDENING: Restrict physical access to the network segment and equipment where the switch is installed