Mitsubishi Electric MELIPC Series MI5122-VW

Plan PatchCVSS 8.8ICS-CERT ICSA-24-191-02Jul 9, 2024

Mitsubishi ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

The MI5122-VW industrial PC in firmware versions 05–07 contains an improper file permissions vulnerability (CWE-276) that allows a local user to read, modify, or delete sensitive system files and configuration data, or cause denial of service. Successful exploitation could disrupt control system operations, alter process parameters, or lead to data loss. Mitsubishi Electric has released a fix in firmware version 08 or later, but customers using affected versions are advised to implement compensating controls due to operational constraints or upgrade scheduling delays.

What this means

What could happen

An attacker with local access to the MI5122-VW device could modify, delete, or steal configuration and operational data, or force the device to stop responding to legitimate commands, disrupting energy grid operations.

Who's at risk

This affects energy sector operators who rely on Mitsubishi Electric MI5122-VW industrial PCs for process monitoring, control, and data logging. Any facility using firmware versions 05–07 is at risk of data tampering, loss, or operational disruption.

How it could be exploited

An attacker must first gain local access to the MI5122-VW industrial PC (via physical access or compromised local account). Once authenticated locally, the attacker can exploit improper file permission settings to read or modify sensitive files and system configurations, or cause denial of service by corrupting critical data structures.

Prerequisites

Local access to the MI5122-VW device (physical or via compromised local user account)
Affected firmware versions 05–07 installed
Low-level user privilege (CWE-276 indicates improper file permissions allow non-admin access)

Local access required but low complexity to exploit (improper file permissions)Affects energy/critical infrastructureNo patch currently available for affected firmware versions—upgrade path may require downtime or is blocked by operational constraints

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

MI5122-VW Firmware: >="05"|<="07"≥ "05"|≤ "07"08+

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImplement access controls and network segmentation: place the MI5122-VW on an isolated industrial network (DMZ or air-gapped) with restricted access from business networks and the internet

HARDENINGRestrict physical access to the MI5122-VW and limit local user accounts to only those operationally necessary; disable or remove unnecessary local accounts

WORKAROUNDReview and implement Mitsubishi Electric advisory 2024-003 workarounds and mitigations while firmware upgrade is being planned

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade MI5122-VW firmware to version 08 or later

Long-term hardening

0/1

HARDENINGMonitor the device for unauthorized file access or modification using host-based integrity checking if available

CVEs (1)

CVE-2024-3904

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/107fb8e9-6fdf-42aa-ad0c-abf8b9577147

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.