Mitsubishi Electric MELSEC Series CPU Module Buffer Copy Without Checking Size of Input (CVE-2023-1424)

high Tenable OT Security Plugin ID 501190

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric created the following firmware versions to address this issue and encourages users to update:

- MELSEC iQ-F Series: firmware version 1.290.
- MELSEC iQ-R Series R00/01/02CPU: firmware version 36 or later.
- MELSEC iQ-R Series R04/08/16/32/120(EN)CPU: firmware version 69 or later.
- MELSEC iQ-R Series R08/16/32/120SFCPU: firmware version 32 or later.
- MELSEC iQ-R Series R08/16/32/120PCPU: firmware version 38 or later.

If using the affected MELSEC iQ-R Series R08/16/32/120SFCPU, apply the mitigation and workaround measures, because updating the product to the fixed version is not available.

Users should refer to the following manuals when updating:

- "9 FIRMWARE UPDATE FUNCTION" in the MELSEC iQ-F FX5 User's Manual (Application).
- MELSEC iQ-R Module Configuration Manual "Appendix 2: Firmware Update Function."

Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting this vulnerability:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Restrict physical access to the LAN to which the affected products are connected.
- Use IP filter function to block access from untrusted hosts. For details regarding the IP filter function, users can refer to:
  - "13.1 IP Filter Function" in the MELSEC iQ-F FX5 User's Manual (Communication).
  - "1.13 Security"-"IP filter" in the MELSEC iQ-R Ethernet User's Manual (Application).

For specific update instructions and additional details see the Mitsubishi Electric advisory.

See Also

https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03

https://jvn.jp/vu/JVNVU94650413

http://www.nessus.org/u?d91d5eba

http://www.nessus.org/u?814ed00f

Plugin Details

Severity: High

ID: 501190

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 6/19/2023

Updated: 4/25/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-1424

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fdss_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fes_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fess_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fes_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fess_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fdss_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fes_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fess_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fes_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fess_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fdss_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fes_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fess_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fes_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fess_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fdds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds-ts_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds-ts_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdss-ts_firmware:-, 
cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fdds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fdds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fdds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fdds_firmware:-, cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fds_firmware:-

Required KB Items: Tenable.ot/Mitsubishi

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/24/2023

Vulnerability Publication Date: 5/24/2023

Reference Information

CVE: CVE-2023-1424

CWE: 120