Mitsubishi Electric MELSEC iQ-F FX5-OPC

Monitor7.5ICS-CERT ICSA-24-275-02Oct 1, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A null pointer dereference vulnerability exists in MELSEC iQ-F FX5-OPC (all versions) that allows a remote attacker to crash the OPC UA communications module by causing a legitimate user to import a specially crafted PKCS#12 format certificate. The denial-of-service condition disables OPC UA connectivity on the affected PLC until the module is restarted. No patch is available from Mitsubishi Electric.

What this means

What could happen

A remote attacker can crash the MELSEC iQ-F FX5-OPC module by sending a specially crafted certificate, causing the OPC UA communications module to become unavailable and stopping data exchange between the PLC and connected systems.

Who's at risk

Energy sector organizations operating Mitsubishi Electric MELSEC iQ-F series PLCs with OPC UA connectivity for SCADA data exchange, remote monitoring systems, or distributed control architectures should implement network controls immediately.

How it could be exploited

An attacker on the network sends or tricks a legitimate user into importing a malicious PKCS#12 certificate into the FX5-OPC module. When the certificate is imported, the module crashes, cutting off OPC UA connectivity to the PLC. This requires the attacker to either have network access to the device or trick a user into importing the certificate.

Prerequisites

Network access to the MELSEC iQ-F FX5-OPC module on TCP/IP
Ability to deliver a specially crafted PKCS#12 certificate file to a legitimate user with administrative access to import certificates

Remotely exploitableNo authentication required for denial-of-serviceNo patch availableAffects industrial communications moduleRequires user interaction for full exploitation

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

MELSEC iQ-F FX5-OPC: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/3

WORKAROUNDDo not import certificates from untrusted sources or unknown senders

HARDENINGRestrict network access to the FX5-OPC module using firewall rules to block connections from untrusted networks and hosts

HARDENINGEnable and configure the IP filter function on the FX5-OPC module to only allow connections from trusted engineering workstations and HMI systems

Mitigations - no patch available

0/3

MELSEC iQ-F FX5-OPC: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIf internet access is required, use a VPN or firewall to create a segmented connection path to the OPC UA module

HARDENINGRestrict physical access to computers and network devices on the same network as the FX5-OPC module

HARDENINGEnsure the FX5-OPC module is not directly accessible from the internet

CVEs (1)

CVE-2024-0727

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e0edf36f-a1e4-43f3-b14a-201863174b79