nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_MITSUBISHI_CVE-2023-1424.NASL
History: Jun 19, 2023 - 12:00 a.m.

Mitsubishi Electric MELSEC Series CPU Module Buffer Copy Without Checking Size of Input (CVE-2023-1424)

2023-06-19 00:00:00
www.tenable.com
mitsubishi electric
melsec
cpu module
buffer overflow
vulnerability
denial of service
remote attacker
code execution
system reset
tenable.ot
tenable ot scanner

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.01 Low
Percentile: 83.4%

Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501190);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/25");

  script_cve_id("CVE-2023-1424");

  script_name(english:"Mitsubishi Electric MELSEC Series CPU Module Buffer Copy Without Checking Size of Input (CVE-2023-1424)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series
CPU modules allows a remote unauthenticated attacker to cause a denial
of service (DoS) condition or execute malicious code on a target
product by sending specially crafted packets. A system reset of the
product is required for recovery from a denial of service (DoS)
condition and malicious code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03");
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d91d5eba");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU94650413");
  # https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?814ed00f");
  script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Mitsubishi Electric created the following firmware versions to address this issue and encourages users to update:

- MELSEC iQ-F Series: firmware version 1.290.
- MELSEC iQ-R Series R00/01/02CPU: firmware version 36 or later.
- MELSEC iQ-R Series R04/08/16/32/120(EN)CPU: firmware version 69 or later.
- MELSEC iQ-R Series R08/16/32/120SFCPU: firmware version 32 or later.
- MELSEC iQ-R Series R08/16/32/120PCPU: firmware version 38 or later.

In case of using the affected MELSEC iQ-R Series R08/16/32/120SFCPU, take mitigations and workarounds measures because
updating the product to the fixed version is not available.

Users should refer to the following manuals when updating:

- "9 FIRMWARE UPDATE FUNCTION" in the MELSEC iQ-F FX5 User\'s Manual (Application).
- MELSEC iQ-R Module Configuration Manual "Appendix 2: Firmware Update Function."

Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting
this vulnerability:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Restrict physical access to the LAN that is connected by affected products.
- Use IP filter function to block access from untrusted hosts. For details regarding the IP filter function, users can
refer to:    - "13.1 IP Filter Function" in the MELSEC iQ-F FX5 User\'s Manual (Communication).
    - "1.13 Security"-"IP filter" in the MELSEC iQ-R Ethernet User\'s Manual (Application).

For specific update instructions and additional details see the Mitsubishi Electric advisory.');
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-1424");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(120);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fdds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdss-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fdds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fdds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fdds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fdds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fds_firmware:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Mitsubishi');

var asset = tenable_ot::assets::get(vendor:'Mitsubishi');

var vuln_cpes = {
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fdss_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fes_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fess_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fdss_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fes_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fess_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fdss_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fes_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mr%2fess_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fdss_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fes_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fess_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fdss_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fes_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fess_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fdss_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fes_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mt%2fess_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fdds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mr%2fds-ts_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fdss-ts_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-32mt%2fds-ts_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fdds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mr%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fdds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-64mt%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fdds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mr%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fdds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:melsec_iq-fx5uc-96mt%2fds_firmware:-" :
        {"versionEndExcluding" : "1.290", "versionStartIncluding" : "1.220", "family" : "MELSECiQF"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Vendor | Product | Version | CPE
mitsubishielectric | melsec_iq-fx5u-32mr%2fds_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fds_firmware:-
mitsubishielectric | melsec_iq-fx5u-32mr%2fdss_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fdss_firmware:-
mitsubishielectric | melsec_iq-fx5u-32mr%2fes_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fes_firmware:-
mitsubishielectric | melsec_iq-fx5u-32mr%2fess_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mr%2fess_firmware:-
mitsubishielectric | melsec_iq-fx5u-32mt%2fds_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fds_firmware:-
mitsubishielectric | melsec_iq-fx5u-32mt%2fdss_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fdss_firmware:-
mitsubishielectric | melsec_iq-fx5u-32mt%2fes_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-32mt%2fes_firmware:-
mitsubishielectric | melsec_iq-fx5u-64mt%2fes_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fes_firmware:-
mitsubishielectric | melsec_iq-fx5u-64mt%2fess_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-64mt%2fess_firmware:-
mitsubishielectric | melsec_iq-fx5u-80mr%2fds_firmware | - | cpe:/o:mitsubishielectric:melsec_iq-fx5u-80mr%2fds_firmware:-
