Detections
Analytics

Mitsubishi Electric MELSEC Series Missing Authentication For Critical Function (CVE-2023-4699)

critical Tenable OT Security Plugin ID 501932

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting this vulnerability:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- For MELSEC iQ-F, iQ-R, iQ-L series, and Mitsubishi Electric numerical controller M800V/M80V series and M800/M80/E80 series, use IP filter function to block access from untrusted hosts.For details on the IP filter function, please refer to the following manual for each product."12.1 IP Filter Function" in the MELSEC iQ-F FX5 User's Manual (Ethernet Communication)"3.5 Security/IP filter" in the MELSEC iQ-F FX5 Motion Module User's Manual (CC-Link IE TSN)"1.13 IP Filter" in the MELSEC iQ-R Ethernet User's Manual (Application)"6.2 Security Function/IP filter" in the MELSEC iQ-R Motion Controller Programming Manual (Common)"1.4 Security/IP filter" in the MELSEC iQ-R Motion Module User's Manual (Network)MELSEC iQ-L 运动模块用户手册(网络篇) 1.4 安全 IP滤波器"16. Appendix 3 IP Address Filter Setting Function " M800V/M80V Series Instruction Manual"15. Appendix 2 IP Address Filter Setting Function " M800/M80/E80 Series Instruction Manual
- Restrict physical access to the affected products and the LAN that is connected by them.
- For Mitsubishi Electric numerical controller M800V/M80V series and M800/M80/E80 series, set the parameter "#11094 GX Restriction" to 1 and limit the operation level of the maintenance screen. For details, please refer to the following manual for each product."15 Machine Parameters" M800V/M80V Series Alarm/Parameter Manual"15 Machine Parameters" M800/M80/E80 Series Alarm/Parameter Manual"2.8 Changing the Operation Level (Protect Setting Screen) " M800V/M80V Series Instruction Manual"2.11 Changing the Operation Level (Protect Setting Screen) " M800/M80/E80 Series Instruction Manual

For specific update instructions and additional details see the Mitsubishi Electric advisory.

See Also

http://www.nessus.org/u?55e132f4

https://jvn.jp/vu/JVNVU94620134/

https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03

Plugin Details

Severity: Critical

ID: 501932

File Name: tenable_ot_mitsubishi_CVE-2023-4699.nasl

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 1/19/2024

Updated: 2/14/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2023-4699

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:fx3u-48mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5s-30mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5s-40mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3ge-40mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uc-64mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5uc-96mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uc-64mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx3ge-40mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3uc-96mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx3u-48mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5s-40mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-48mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3s-20mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3uc-16mt%2fd-p4_firmware:-, cpe:/o:mitsubishielectric:fx3uc-16mr%2fd-t_firmware:-, cpe:/o:mitsubishielectric:fx3u-32ms%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3s-20mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5s-60mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3s-14mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3s-10mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3s-10mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3s-20mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3s-20mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fds-ts_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3sa-20mr-cm_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3uc-32mt-lt_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3u-48mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mr%2fua1_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mt%2fes-2ad_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mr%2fds-ts_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3sa-14mt-cm_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3uc-32mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5s-80mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3sa-14mr-cm_firmware:-, cpe:/o:mitsubishielectric:fx3s-20mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3uc-16mt%2fdss-p4_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3sa-10mr-cm_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3s-14mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-80mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3ge-24mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3sa-30mt-cm_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-14mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3ge-40mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-14mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3u-48mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-40mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3s-10mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-48mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3ge-40mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3uc-16mr%2fds-t_firmware:-, cpe:/o:mitsubishielectric:fx3ga-40mt-cm_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3ge-24mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-10mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3ge-24mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3ge-40mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3uc-64mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3uc-16mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3uc-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3uc-64mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3ga-40mr-cm_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3gc-32mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3u-48mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3uc-16mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5s-30mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3uc-96mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3ge-24mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3s-14mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-64mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5s-60mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3ga-60mr-cm_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3uc-32mt-lt-2_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3gc-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3sa-10mt-cm_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-60mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uc-96mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss-ts_firmware:-, cpe:/o:mitsubishielectric:fx3ga-24mr-cm_firmware:-, cpe:/o:mitsubishielectric:fx3ga-24mt-cm_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mt%2fess-2ad_firmware:-, cpe:/o:mitsubishielectric:fx3sa-20mt-cm_firmware:-, cpe:/o:mitsubishielectric:fx3g-40mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mr%2fua1_firmware:-, cpe:/o:mitsubishielectric:fx5s-80mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-10mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-10mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5s-30mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3s-20mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3u-64ms%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-30mr%2fes-2ad_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-32mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3ga-60mt-cm_firmware:-, cpe:/o:mitsubishielectric:fx3sa-30mr-cm_firmware:-, cpe:/o:mitsubishielectric:fx3u-128mt%2fe_firmware:-, cpe:/o:mitsubishielectric:fx3ge-40mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3s-14mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3g-14mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx3g-60mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx3ge-24mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx3u-48mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3ge-24mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-80mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx3g-24mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx3u-16mt%2fess_firmware:-

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 11/6/2023

Vulnerability Publication Date: 11/6/2023

Reference Information

CVE: CVE-2023-4699

CWE: 345

ICSA: 23-306-03