Mitsubishi Electric MELSEC iQ-F Series

MonitorCVSS 7.5ICS-CERT ICSA-24-324-01Nov 19, 2024

Mitsubishi ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in the Ethernet communication module of Mitsubishi Electric MELSEC iQ-F Series PLCs (FX5-ENET and FX5-ENET/IP) allows a remote attacker to cause a denial-of-service condition by sending a specially crafted network packet. When exploited, Ethernet communication on the module fails and requires a system reset to recover. FX5-ENET/IP versions 1.100 through 1.105 are affected. The FX5-ENET module (versions 1.100 and later) has no fix planned.

What this means

What could happen

An attacker could send a specially crafted network packet to an FX5-ENET or FX5-ENET/IP module, causing Ethernet communication to stop. The module would require a manual reset to recover, disrupting whatever process the PLC controls.

Who's at risk

Energy sector operators running Mitsubishi Electric MELSEC iQ-F Series FX5 PLCs with Ethernet modules (FX5-ENET and FX5-ENET/IP) should be concerned. Any facility using these modules for real-time control of generators, substations, SCADA systems, or other critical processes is at risk of denial-of-service attacks that require manual recovery.

How it could be exploited

An attacker with network access to the Ethernet port of the FX5-ENET/IP module (versions before 1.106) or FX5-ENET module could send a malicious packet that crashes the Ethernet interface, forcing an out-of-band system reset for recovery.

Prerequisites

Network access to the Ethernet port of the affected module
No authentication required

remotely exploitableno authentication requiredlow complexityno patch available for FX5-ENETaffects critical infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.8%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

MELSEC iQ-F Series FX5-ENET: >=1.100≥ 1.100No fix (EOL)

MELSEC iQ-F Series FX5-ENET/IP: >=1.100|<1.104≥ 1.100|<1.104No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDBlock network access to the FX5-ENET and FX5-ENET/IP modules from untrusted networks using firewall rules

WORKAROUNDConfigure IP filter rules on the affected modules to deny connections from unauthorized hosts

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MELSEC iQ-F Series FX5-ENET/IP firmware to version 1.106 or later using the firmware update file from Mitsubishi Electric's download page

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: MELSEC iQ-F Series FX5-ENET: >=1.100, MELSEC iQ-F Series FX5-ENET/IP: >=1.100|<1.104. Apply the following compensating controls:

HARDENINGRestrict physical access to the modules and to any computers or network switches on the same LAN segment

HARDENINGIsolate the PLC network from the corporate IT network with a firewall or air gap

CVEs (1)

CVE-2024-8403

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d651e215-e15e-4445-8235-c00015bc7fa2

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.