Mitsubishi Electric MELSEC iQ-F FX5-OPC

Monitor | CVSS 7.5 | ICS-CERT ICSA-24-275-02 | Oct 1, 2024
Mitsubishi Electric | Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A null pointer dereference vulnerability exists in all versions of the Mitsubishi Electric MELSEC iQ-F FX5-OPC module. When a user imports a specially crafted PKCS#12 format certificate, the module crashes, causing the OPC UA server to become unavailable. This breaks communication between the FX5-OPC module and any SCADA systems, HMIs, or engineering tools that depend on it for real-time data or control operations. Mitsubishi Electric has no plans to patch this product and recommends defensive network measures instead.

What this means
What could happen
A remote attacker could crash the MELSEC iQ-F FX5-OPC module by tricking a user into importing a malicious certificate, causing the OPC UA server to stop responding and interrupting communication with PLCs and HMIs that rely on it for data collection and control.
Who's at risk
This vulnerability affects organizations operating Mitsubishi Electric MELSEC iQ-F FX5-OPC modules in factory automation and process control environments. Water utilities and electric utilities using Mitsubishi PLCs with OPC UA connectivity should be concerned, as should any facility relying on OPC UA for real-time data collection from programmable logic controllers or distributed control systems.
How it could be exploited
An attacker sends a specially crafted PKCS#12 certificate file to a legitimate user with access to the FX5-OPC module. When the user imports the certificate through the module's configuration interface, the defective certificate parsing causes a crash (null pointer dereference). The OPC UA server becomes unavailable, breaking any active connections from SCADA systems or engineering workstations that depend on it.
Prerequisites
  • User with legitimate access to FX5-OPC module to import certificates
  • Ability to deliver a malicious certificate file to the authorized user (email, file share, social engineering)
  • OPC UA server must be running on the FX5-OPC module
  • remotely exploitable
  • no authentication required for exploitation (user must perform action)
  • low complexity attack
  • affects availability of control system communications
  • no patch available (end-of-life product)
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
MELSEC iQ-F FX5-OPC: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the FX5-OPC module using a firewall; allow only traffic from trusted engineering networks and SCADA systems
WORKAROUND: Enable and configure the IP filter function in the FX5-OPC module to block connections from untrusted hosts and networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Establish a certificate import policy: only authorized administrators may import certificates, and only after verifying the source and format
HARDENING: Use a VPN or dedicated secure network for any remote access to the FX5-OPC module or engineering workstations that manage it
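
One way to implement the "verifying the source and format" step of the certificate import policy above, as an added example (not code from Mitsubishi Electric or from this advisory): a pre-import gate, run on the engineering workstation, that accepts a file only if its SHA-256 digest was recorded out of band by the issuing administrator and its outer structure is DER-encoded PKCS#12 (PFX version 3). The function names and sample bytes are assumptions constructed for illustration; because the advisory does not describe the malformation, the digest match is the actual control and the structure check only rejects files that are plainly not PKCS#12.

```python
import hashlib

def sha256_hex(buf):
    return hashlib.sha256(buf).hexdigest()

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F  # n == 0 is indefinite-length BER: rejected by this policy
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of file")
    return tag, pos, pos + length

def looks_like_pfx(buf):
    """Outer structure only: SEQUENCE { INTEGER 3, SEQUENCE authSafe, ... }."""
    try:
        tag, start, end = read_tlv(buf, 0)
        if tag != 0x30 or end != len(buf):        # one SEQUENCE, no trailing bytes
            return False
        vtag, vstart, vend = read_tlv(buf, start)
        if vtag != 0x02 or buf[vstart:vend] != b"\x03":  # PFX version must be 3
            return False
        atag, _, aend = read_tlv(buf, vend)       # authSafe ContentInfo
        return atag == 0x30 and aend <= end
    except ValueError:
        return False

def approve_import(buf, approved_sha256):
    """Gate: digest recorded out of band AND file is PFX-shaped."""
    if sha256_hex(buf) not in {d.lower() for d in approved_sha256}:
        return False, "digest not on approved list"
    if not looks_like_pfx(buf):
        return False, "not a DER PKCS#12 (PFX v3) structure"
    return True, "ok"

# Constructed sample: minimal PFX-shaped bytes, not a usable certificate store.
SAMPLE = bytes.fromhex("300a020103300506032a0304")
APPROVED = {sha256_hex(SAMPLE)}
```
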
Mitigations - no patch available
MELSEC iQ-F FX5-OPC: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict physical access to computers and network devices on the same LAN as the FX5-OPC module to prevent unauthorized certificate installation