nessus: TENABLE_OT_MITSUBISHI_CVE-2023-4625.NASL
History: Jan 18, 2024 - 12:00 a.m.

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module Improper Restriction of Excessive Authentication Attempts (CVE-2023-4625)

2024-01-18 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
mitsubishi electric corporation
melsec iq-f series
cpu modules
excessive authentication attempts
remote attacker
web server function
unauthorized login
tenable.ot

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

41.5%

Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in the Web server function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules: a remote, unauthenticated attacker who continuously submits invalid logins to the Web server function can prevent legitimate users from logging into it for a certain period. The impact persists for as long as the attacker keeps attempting to log in.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Although the plugin title also names the iQ-R series, every CPE in the script's detection table below is an iQ-F model (FX5S, FX5U, FX5UC and FX5UJ CPU modules), so iQ-R CPUs are not flagged by this plugin; use the CISA advisory ICSA-23-306-02 and Mitsubishi bulletin 2023-014 for the full affected-product list.
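The failure mode described above is a lockout keyed to the device rather than to the client that caused the failures, which is why an unauthenticated attacker can keep a legitimate operator out for as long as the attempts continue. The following Python model, an added illustration that is not Mitsubishi firmware or Tenable code, puts that vulnerable pattern beside a hardened one that applies an IP allowlist (the "IP filter function" the bulletin recommends) before authentication and keeps a separate failure counter per source. The failure threshold, the counting window, the demo credential and the allowlist are assumptions chosen for the demo; the PLC's real counters are not documented on this page.

```python
"""
Model of the CWE-307 lockout-as-denial-of-service pattern described for
CVE-2023-4625, beside a hardened variant.  Added illustration, not Mitsubishi
firmware or Tenable code: threshold, window, credential and allowlist are
assumptions chosen for the demo.
"""
from collections import deque
from ipaddress import ip_address, ip_network

MAX_FAILURES = 3            # assumed: failed attempts before the lockout engages
WINDOW_S = 60               # assumed: seconds a failure stays in the counter
PASSWORD = "correct-horse"  # constructed demo credential


class DeviceWideLockout:
    """Vulnerable pattern: one failure counter for the whole web server.

    Any unauthenticated client can fill it, and every further attempt while
    locked is counted again, so the lockout lasts as long as the attacker
    keeps trying (the persistence the advisory describes).
    """

    def __init__(self):
        self.failures = deque()  # timestamps of recent failures, any source

    def login(self, src, password, now):
        q = self.failures
        while q and now - q[0] > WINDOW_S:   # age out old failures
            q.popleft()
        if len(q) >= MAX_FAILURES:
            q.append(now)                    # an attempt during lockout extends it
            return "locked"                  # refused whoever src is
        if password != PASSWORD:
            q.append(now)
            return "denied"
        return "ok"


class PerSourceLockout:
    """Hardened pattern: an IP allowlist (the bulletin's IP filter function)
    in front of per-source failure counters, so one client's failures never
    lock out another client."""

    def __init__(self, allowed):
        self.allowed = [ip_network(n) for n in allowed]
        self.failures = {}   # src -> deque of that source's failure timestamps

    def login(self, src, password, now):
        if not any(ip_address(src) in net for net in self.allowed):
            return "filtered"                # dropped before authentication
        q = self.failures.setdefault(src, deque())
        while q and now - q[0] > WINDOW_S:
            q.popleft()
        if len(q) >= MAX_FAILURES:
            q.append(now)
            return "locked"                  # only this source is locked
        if password != PASSWORD:
            q.append(now)
            return "denied"
        return "ok"


def simulate(server, attacker_times, operator_time):
    """Attacker 203.0.113.9 sends a wrong password at each time in
    attacker_times; operator 192.0.2.10 then logs in with the right
    password at operator_time.  Returns the operator's result."""
    for t in attacker_times:
        server.login("203.0.113.9", "wrong", now=t)
    return server.login("192.0.2.10", PASSWORD, now=operator_time)


if __name__ == "__main__":
    # attacker hammers once per second for 30 s, operator tries at t=30
    print("device-wide :", simulate(DeviceWideLockout(), range(30), 30))
    print("allowlisted :", simulate(PerSourceLockout(["192.0.2.0/24"]), range(30), 30))
    # the device-wide lockout outlives the attack by only one window
    burst = range(0, 201, 10)
    print("still locked:", simulate(DeviceWideLockout(), burst, 205))
    print("recovered   :", simulate(DeviceWideLockout(), burst, 266))
```

The second pair of runs shows the "persists while the attacker continues" clause: with attempts every ten seconds the device-wide counter never drains, and the operator only gets in once a full window has passed after the last attempt. In the hardened model the same attacker is discarded before authentication when outside the allowlist, and even an allowlisted attacker locks out only its own source.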

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501931);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  script_cve_id("CVE-2023-4625");
  script_xref(name:"ICSA", value:"23-306-02");

  script_name(english:"Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module Improper Restriction of Excessive Authentication Attempts (CVE-2023-4625)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Improper Restriction of Excessive Authentication Attempts
vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series
CPU modules Web server function allows a remote unauthenticated
attacker to prevent legitimate users from logging into the Web server
function for a certain period after the attacker has attempted to log
in illegally by continuously attempting unauthorized login to the Web
server function. The impact of this vulnerability will persist while
the attacker continues to attempt unauthorized login.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU94620134");
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?00b4acf2");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02");
  script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Use IP filter function to block access from untrusted hosts. For details on the IP filter function, refer to the
following manual for each product: "12.1 IP Filter Function" in the MELSEC iQ-F FX5 User\'s Manual (Ethernet
Communication), "1.13 Security" – "IP Filter" in the MELSEC iQ-R Ethernet User\'s Manual (Application).
- Restrict physical access to the affected products and the LAN that is connected by them.

For additional information refer to Mitsubishi Electric\'s security bulletin 2023-014_en.');
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4625");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(307);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-30mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-30mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-30mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-40mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-40mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-40mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-60mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-60mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-60mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-80mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-80mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5s-80mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-32mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-32mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-32mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-32mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-32mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-32mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-64mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-64mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-64mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-64mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-64mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-64mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-80mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-80mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-80mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-80mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-80mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5u-80mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mr%2fds-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fd_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fds-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-64mt%2fd_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-64mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-96mt%2fd_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-96mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mr%2fes-a_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mt%2fes-a_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mr%2fes-a_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mt%2fes-a_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mr%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mr%2fes-a_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mt%2fds_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mt%2fes-a_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mt%2fess_firmware:-");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Bail out unless the Tenable.ot integration has already inventoried
# Mitsubishi assets (the key is set by tenable_ot_api_integration.nasl).
get_kb_item_or_exit('Tenable.ot/Mitsubishi');

# Asset record (model CPEs, firmware) collected passively by Tenable.ot.
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');

# Affected models. Every entry carries '-' as the version component, so the
# table holds no fixed-firmware threshold: an asset is flagged on model alone.
# Only iQ-F (FX5S/FX5U/FX5UC/FX5UJ) CPEs are listed; iQ-R models are absent.
var vuln_cpes = {
    "cpe:/o:mitsubishielectric:fx5u-32mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-64mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-80mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-32mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-64mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-80mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-32mt%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-64mt%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-80mt%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-32mr%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-64mr%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-80mr%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-32mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-64mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-80mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-32mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-64mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5u-80mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fd_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-64mt%2fd_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-96mt%2fd_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-64mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-96mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fds-ts_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss-ts_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mr%2fds-ts_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mt%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mt%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mt%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mr%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mr%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mr%2fds_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mt%2fes-a_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mt%2fes-a_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mt%2fes-a_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mr%2fes-a_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mr%2fes-a_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mr%2fes-a_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-30mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-40mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-60mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-80mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-30mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-40mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-60mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-80mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-30mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-40mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-60mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5s-80mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"}
};

# Report at SECURITY_WARNING (medium) when one of the asset's CPEs is in the table.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
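The plugin only tells you which assets carry this weakness; it does not tell you whether anyone is exercising it. The following Python detector is an added example, not part of the plugin above and not the MELSEC web server's own logging: it runs over a constructed log format of the kind a reverse proxy, firewall or network sensor in front of the PLC could emit, and raises one alert per source for a burst of failed logins to the login path and one for any login attempt from outside the engineering allowlist (a sign that the IP filter the bulletin recommends is missing). The sample records, field names, threshold and allowlist are all assumptions for the demo.

```python
"""
Detection over login-path records for the traffic CVE-2023-4625 turns into
a lockout of legitimate users.  Added example; the log format and sample
records are constructed for the demo, not the MELSEC web server's own log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# constructed sample: an outside host hammers /login on the PLC (192.0.2.50),
# an operator on the engineering subnet gets a lockout answer, and a second
# operator mistypes once and then succeeds
SAMPLE_LOG = """\
2024-01-18T10:00:00Z src=203.0.113.9 dst=192.0.2.50 method=POST path=/login status=401
2024-01-18T10:00:01Z src=203.0.113.9 dst=192.0.2.50 method=POST path=/login status=401
2024-01-18T10:00:02Z src=203.0.113.9 dst=192.0.2.50 method=POST path=/login status=401
2024-01-18T10:00:03Z src=203.0.113.9 dst=192.0.2.50 method=POST path=/login status=401
2024-01-18T10:00:04Z src=203.0.113.9 dst=192.0.2.50 method=POST path=/login status=401
2024-01-18T10:00:05Z src=192.0.2.10 dst=192.0.2.50 method=POST path=/login status=403
2024-01-18T10:00:06Z src=192.0.2.10 dst=192.0.2.50 method=GET path=/status status=200
2024-01-18T10:05:00Z src=192.0.2.11 dst=192.0.2.50 method=POST path=/login status=401
2024-01-18T10:05:30Z src=192.0.2.11 dst=192.0.2.50 method=POST path=/login status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Return a dict for a well-formed record, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT).replace(tzinfo=timezone.utc)
    rec["status"] = int(rec["status"])
    return rec


def detect(log_text, threshold=5, window_s=60,
           allowed=("192.0.2.0/24",), login_path="/login"):
    """Two detections over login-path records, one alert each per (src, dst):
    - unfiltered_source: a login attempt from outside the allowlist;
    - brute_force: `threshold` or more non-200 answers to the login path from
      one source within `window_s` seconds.  Lockout answers count too, since
      the device keeps refusing while the attacker keeps trying."""
    allowed_nets = [ip_network(n) for n in allowed]
    failures = defaultdict(deque)     # (src, dst) -> recent failure times
    alerted = set()                   # (kind, src, dst) already reported
    alerts = []

    def alert(kind, rec, count):
        key = (kind, rec["src"], rec["dst"])
        if key not in alerted:
            alerted.add(key)
            alerts.append({"kind": kind, "src": rec["src"], "dst": rec["dst"],
                           "ts": rec["ts"].strftime(TS_FMT), "count": count})

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != login_path:
            continue
        if not any(ip_address(rec["src"]) in net for net in allowed_nets):
            alert("unfiltered_source", rec, 1)
        q = failures[(rec["src"], rec["dst"])]
        if rec["status"] == 200:
            q.clear()                 # a successful login resets the counter
            continue
        q.append(rec["ts"])
        while q and (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()               # slide the window
        if len(q) >= threshold:
            alert("brute_force", rec, len(q))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```

On the sample the detector raises exactly two alerts for 203.0.113.9: the allowlist violation on its first request and the brute-force alert on its fifth failure, while the operator's single lockout answer and the second operator's one typo stay below threshold. Feeding the same log with an allowlist of 0.0.0.0/0 leaves only the brute-force alert, which is the signal to look for when the IP filter is in place and the attacker is inside the LAN.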
