Lucene search

K
talosblogMatt WisemanTALOSBLOG:3249D6F8158282DB0A9B6A5BC8C09EC5
HistoryMay 26, 2023 - 7:00 p.m.

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution

2023-05-2619:00:21
Matt Wiseman
blog.talosintelligence.com
8
mitsubishi melsec iq-f fx5u
buffer overflow
rtos task
cisco talos
vulnerability disclosure
mitsubishi electric corp.

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.4%

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution

Cisco Talos recently discovered a memory corruption vulnerability in the Mitsubishi MELSEC iQ-F FX5U programmable logic controller that is caused by a buffer overflow condition.

The iQ-F FX5U is one offering in Mitsubishi's MELSEC PLC line of hardware that comes with a built-in processor, power supply, Ethernet and 16 I/O points. Users can configure this PLC to host multiple network services, such as an HTTP Server, FTP Server, FTP Client, MODBUS/TCP interface and other Mitsubishi-specific protocols.

A vulnerability, TALOS-2023-1727 (CVE-2023-1424), exists in the device's MELSOFT Direct functionality that is triggered if an adversary sends the targeted device a specially crafted network packet.

This buffer overflow condition could lead to a denial-of-service condition within the RTOS task responsible for parsing the MELSOFT Direct protocol, and potentially give the adversary the ability to execute remote code on the targeted device.

Cisco Talos worked with Mitsubishi to ensure this vulnerability is resolved and an update is available for affected customers, all in adherence to Cisco's vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Mitsubishi Electric Corp. MELSEC iQ-F FX5U, versions 1.240 and 1.260. Talos tested and confirmed these versions of the controller could be exploited by this vulnerability, however, Mitsubishi also stated in its advisory that versions 1.220 and later are affected.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 61432 and 61433. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.4%

Related for TALOSBLOG:3249D6F8158282DB0A9B6A5BC8C09EC5