Mitsubishi Electric FA Engineering Software Products
Monitor5.3ICS-CERT ICSA-23-341-01Dec 7, 2023
Attack VectorLocal
Auth RequiredHigh
ComplexityHigh
User InteractionNone needed
Summary
Information disclosure vulnerabilities affecting Mitsubishi Electric MELIPC edge controllers and MELSEC industrial control CPUs. Successful exploitation allows an attacker to disclose information from the affected products. Vulnerabilities involve information exposure mechanisms (CWE-1037, CWE-203) and have high attack complexity, requiring high privileges and local access.
What this means
What could happen
An attacker with local access and elevated privileges could extract sensitive information from these industrial controllers, potentially including system configuration, process parameters, or other operational data stored on the device.
Who's at risk
Organizations operating industrial automation systems, particularly in the energy sector, using Mitsubishi Electric MELIPC edge controllers (MI series) or MELSEC iQ-R and MELSEC Q series CPUs for process control, data logging, or safety-critical applications.
How it could be exploited
An attacker must gain physical access to the device or obtain high-level administrative credentials through social engineering or prior system compromise. The attacker would then exploit the information disclosure vulnerability to read sensitive data from the controller's memory or storage, potentially revealing process logic, security configurations, or operational parameters.
Prerequisites
- Physical access to the device, or remote administrative credentials obtained through other means
- High privilege level on the system (user must have administrative or engineering access)
- Local or directly connected network access (not remotely exploitable over the internet)
no patch availablehigh attack complexityrequires administrative privilegesrequires local or physical accessaffects control system PLCs
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (10)
10 EOL
ProductAffected VersionsFix Status
MELIPC MI5122-VW: vers:all/*All versionsNo fix (EOL)
MELIPC MI2012-W: vers:all/*All versionsNo fix (EOL)
MELIPC MI1002-W: vers:all/*All versionsNo fix (EOL)
MELIPC MI3321G-W: vers:all/*All versionsNo fix (EOL)
MELIPC MI3315G-W: vers:all/*All versionsNo fix (EOL)
MELSEC iQ-R R102WCPU-W: vers:all/*All versionsNo fix (EOL)
MELSEC Q Q24DHCCPU-V: vers:all/*All versionsNo fix (EOL)
MELSEC Q Q24DHCCPU-LS: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2HARDENINGRestrict physical access to MELIPC and MELSEC controllers to authorized personnel only. Implement badge access, locked enclosures, or secured equipment rooms.
HARDENINGIsolate control system networks from business networks using firewalls and network segmentation. Ensure these devices are not reachable from the Internet or untrusted networks.
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGImplement strong authentication for administrative access to engineering workstations and controllers. Restrict who can obtain engineering-level credentials.
HARDENINGIf remote access to these devices is required, use VPN with current security patches, and limit VPN access to specific trusted accounts with multi-factor authentication.
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/3e911d71-f50a-4c9f-9b51-c654fab43ffe