Mitsubishi Electric MELSOFT MaiLab and MELSOFT VIXIO (Update A)
Monitor5.9ICS-CERT ICSA-24-200-01Jul 18, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
MELSOFT MaiLab and VIXIO are engineering software tools used to develop and configure Mitsubishi Electric industrial control systems. The vulnerability is a denial-of-service flaw (CWE-347: Improper Verification of Cryptographic Signature) in affected versions. A remote attacker with network access to an engineering workstation can send a specially crafted request that causes the software to crash or become unresponsive. The flaw has high attack complexity, requiring specific conditions to exploit, and no public exploitation has been reported. This vulnerability does not affect running control systems or field devices, only the engineering software used to configure them.
What this means
What could happen
An attacker could cause MELSOFT MaiLab or VIXIO engineering software to become unresponsive or crash, interrupting development, testing, or configuration work on Mitsubishi Electric industrial systems.
Who's at risk
Mitsubishi Electric customers in the energy sector and other industries who use MELSOFT MaiLab or VIXIO software for engineering and configuration of industrial control systems. The impact is highest for organizations that depend on continuous engineering workstation availability for operations or safety-critical system changes.
How it could be exploited
An attacker on the network sends a specially crafted request to the affected MELSOFT application. The high attack complexity suggests the request must meet specific conditions (such as particular system state or network timing), but once successful, causes a denial-of-service condition that crashes the engineering workstation.
Prerequisites
- Network access to the engineering workstation running MELSOFT MaiLab or VIXIO
- The affected software version must be installed (MaiLab 1.00A–1.05F or VIXIO 1.00A–1.03D)
- No authentication required to trigger the denial-of-service condition
remotely exploitableno authentication requiredhigh attack complexityaffects engineering workstations that manage critical systems
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
MELSOFT MaiLab SW1DND-MAILABPR-M: >=1.00A|<1.05F≥ 1.00A|<1.05F1.06G or later
MELSOFT MaiLab SW1DND-MAILAB-M: >=1.00A|<1.05F≥ 1.00A|<1.05F1.06G or later
MELSOFT VIXIO SW1DND-AIVILE-M: >=1.00A|<1.03D≥ 1.00A|<1.03D1.04E or later
MELSOFT VIXIO SW1DND-AIVIIN-M: >=1.00A|<1.03D≥ 1.00A|<1.03D1.04E or later
Remediation & Mitigation
0/6
Do now
0/2WORKAROUNDRestrict network access to engineering workstations running MELSOFT with a firewall; block connections from untrusted networks and only allow access from trusted engineering stations
WORKAROUNDUse a VPN when Internet access to engineering workstations is required
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate MELSOFT MaiLab to version 1.06G or later
HOTFIXUpdate MELSOFT VIXIO to version 1.04E or later
Long-term hardening
0/2HARDENINGRestrict physical access to PCs running MELSOFT and the networks they connect to
HARDENINGTrain users to avoid clicking links or opening attachments from untrusted emails or messages
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/197ed6b7-6534-4c11-9cdc-1c955db3a5b8