Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

2021-08-05T09:33:00

Description

[![](https://thehackernews.com/images/-vuPuK8VdORY/YQuv_5NgAfI/AAAAAAAADdA/KULuF_9h6J8tzbBWS2u63202N1n0WWv5QCLcBGAsYHQ/s0/plc.jpg)](<https://thehackernews.com/images/-vuPuK8VdORY/YQuv_5NgAfI/AAAAAAAADdA/KULuF_9h6J8tzbBWS2u63202N1n0WWv5QCLcBGAsYHQ/s0/plc.jpg>) Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorizedly login to the CPU module, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by [Nozomi Networks](<https://www.nozominetworks.com/blog/new-research-uncovers-5-vulnerabilities-in-mitsubishi-safety-plcs/>), concern the implementation of an authentication mechanism in the [MELSEC communication protocol](<https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh081257eng/sh081257engt.pdf>) that's used to communicate and exchange data with the target devices by reading and writing data to the CPU module. A quick summary of the flaws is listed below - * **Username Brute-force (CVE-2021-20594, CVSS score: 5.9) **\- Usernames used during authentication are effectively brute-forceable * **Anti-password Brute-force Functionality Leads to Overly Restrictive Account Lockout Mechanism (CVE-2021-20598, CVSS score: 3.7)** \- The implementation to thwart brute-force attacks not only blocks a potential attacker from using a single IP address, but it also prohibits any user from any IP address from logging in for a certain timeframe, effectively locking legitimate users out * **Leaks of Password Equivalent Secrets (CVE-2021-20597, CVSS score: 7.4)** \- A secret derived from the cleartext password can be abused to authenticate with the PLC successfully * **Session Token Management **\- Cleartext transmission of session tokens, which are not bound to an IP address, thus enabling an adversary to reuse the same token from a different IP after it has been generated Troublingly, some of these flaws can be strung together as part of an exploit chain, permitting an attacker to authenticate themselves with the PLC and tamper with the safety logic, lock users out of the PLC, and worse, change the passwords of registered users, necessitating a physical shutdown of the controller to prevent any further risk. The researchers refrained from sharing technical specifics of the vulnerabilities or the proof-of-concept (PoC) code that was developed to demonstrate the attacks due to the possibility that doing so could lead to further abuse. While Mitsubishi Electric is expected to release a fixed version of the firmware in the "near future," it has published a [series of mitigations](<https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html>) that are aimed at protecting the operational environments and stave off a possible attack. Stating that it's currently [investigating](<https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf>) the authentication bypass vulnerability concerning how sessions are managed, the company is recommending a combination of mitigation measures to minimize the risk of potential exploitation, including using a firewall to prevent unsanctioned access over the internet, an IP filter to restrict accessible IP addresses, and changing the passwords via USB. "It's likely that the types of issues we uncovered affect the authentication of OT protocols from more than a single vendor, and we want to help protect as many systems as possible," the researchers noted. "Our general concern is that asset owners might be overly reliant on the security of the authentication schemes bolted onto OT protocols, without knowing the technical details and the failure models of these implementations." Found this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter __](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.

{"id": "THN:EADBED997B4242B36B4272B4752F6FB6", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks", "description": "[![](https://thehackernews.com/images/-vuPuK8VdORY/YQuv_5NgAfI/AAAAAAAADdA/KULuF_9h6J8tzbBWS2u63202N1n0WWv5QCLcBGAsYHQ/s0/plc.jpg)](<https://thehackernews.com/images/-vuPuK8VdORY/YQuv_5NgAfI/AAAAAAAADdA/KULuF_9h6J8tzbBWS2u63202N1n0WWv5QCLcBGAsYHQ/s0/plc.jpg>)\n\nMultiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorizedly login to the CPU module, and even cause a denial-of-service (DoS) condition.\n\nThe security weaknesses, disclosed by [Nozomi Networks](<https://www.nozominetworks.com/blog/new-research-uncovers-5-vulnerabilities-in-mitsubishi-safety-plcs/>), concern the implementation of an authentication mechanism in the [MELSEC communication protocol](<https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh081257eng/sh081257engt.pdf>) that's used to communicate and exchange data with the target devices by reading and writing data to the CPU module.\n\nA quick summary of the flaws is listed below -\n\n * **Username Brute-force (CVE-2021-20594, CVSS score: 5.9) **\\- Usernames used during authentication are effectively brute-forceable\n * **Anti-password Brute-force Functionality Leads to Overly Restrictive Account Lockout Mechanism (CVE-2021-20598, CVSS score: 3.7)** \\- The implementation to thwart brute-force attacks not only blocks a potential attacker from using a single IP address, but it also prohibits any user from any IP address from logging in for a certain timeframe, effectively locking legitimate users out\n * **Leaks of Password Equivalent Secrets (CVE-2021-20597, CVSS score: 7.4)** \\- A secret derived from the cleartext password can be abused to authenticate with the PLC successfully\n * **Session Token Management **\\- Cleartext transmission of session tokens, which are not bound to an IP address, thus enabling an adversary to reuse the same token from a different IP after it has been generated\n\nTroublingly, some of these flaws can be strung together as part of an exploit chain, permitting an attacker to authenticate themselves with the PLC and tamper with the safety logic, lock users out of the PLC, and worse, change the passwords of registered users, necessitating a physical shutdown of the controller to prevent any further risk.\n\nThe researchers refrained from sharing technical specifics of the vulnerabilities or the proof-of-concept (PoC) code that was developed to demonstrate the attacks due to the possibility that doing so could lead to further abuse. While Mitsubishi Electric is expected to release a fixed version of the firmware in the \"near future,\" it has published a [series of mitigations](<https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html>) that are aimed at protecting the operational environments and stave off a possible attack.\n\nStating that it's currently [investigating](<https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf>) the authentication bypass vulnerability concerning how sessions are managed, the company is recommending a combination of mitigation measures to minimize the risk of potential exploitation, including using a firewall to prevent unsanctioned access over the internet, an IP filter to restrict accessible IP addresses, and changing the passwords via USB.\n\n\"It's likely that the types of issues we uncovered affect the authentication of OT protocols from more than a single vendor, and we want to help protect as many systems as possible,\" the researchers noted. \"Our general concern is that asset owners might be overly reliant on the security of the authentication schemes bolted onto OT protocols, without knowing the technical details and the failure models of these implementations.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-08-05T09:33:00", "modified": "2021-08-06T10:25:41", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, "href": "https://thehackernews.com/2021/08/unpatched-security-flaws-expose.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-20594", "CVE-2021-20597", "CVE-2021-20598"], "immutableFields": [], "lastseen": "2022-05-09T12:39:16", "viewCount": 59, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20594", "CVE-2021-20597", "CVE-2021-20598"]}, {"type": "ics", "idList": ["ICSA-21-250-01"]}, {"type": "nessus", "idList": ["TENABLE_OT_MITSUBISHI_CVE-2021-20594.NASL", "TENABLE_OT_MITSUBISHI_CVE-2021-20597.NASL", "TENABLE_OT_MITSUBISHI_CVE-2021-20598.NASL"]}], "rev": 4}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-20594", "CVE-2021-20597", "CVE-2021-20598"]}, {"type": "nessus", "idList": ["TENABLE_OT_MITSUBISHI_CVE-2021-20594.NASL", "TENABLE_OT_MITSUBISHI_CVE-2021-20597.NASL"]}]}, "exploitation": null, "vulnersScore": 0.2}, "_state": {"dependencies": 1659909890, "score": 1659846169}, "_internal": {"score_hash": "ee60670b3c3d18875ea53b6e6cb55ce9"}}

{"ics": [{"lastseen": "2022-04-26T21:41:37", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.4**\n * **ATTENTION:** Exploitable remotely\n * **Vendor: **Mitsubishi Electric Corporation\n * **Equipment:** MELSEC iQ-R Series CPU Module\n * **Vulnerabilities:** Exposure of Sensitive Information to an Unauthorized Actor, Insufficiently Protected Credentials, Overly Restrictive Account Lockout Mechanism\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow a remote attacker unauthorized access to legitimate usernames, CPU module access, or the ability to deny access to legitimate users.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nMitsubishi Electric reports these vulnerabilities affect the following MELSEC products:\n\n * R08/16/32/120SFCPU: All versions\n * R08/16/32/120PSFCPU: All versions\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200](<https://cwe.mitre.org/data/definitions/200.html>)\n\nA remote attacker can leverage a brute-force attack to acquire legitimate usernames registered in the module.\n\n[CVE-2021-20594](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20594>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N>)).\n\n#### 3.2.2 [INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522](<https://cwe.mitre.org/data/definitions/522.html>)\n\nA remote attacker could obtain unprotected credentials by sniffing network traffic.\n\n[CVE-2021-20597](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20597>) has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n#### 3.2.3 [OVERLY RESTRICTIVE ACCOUNT LOCKOUT MECHANISM CWE-645](<https://cwe.mitre.org/data/definitions/645.html>)\n\nA remote attacker could lock out a legitimate user by continually attempting to login with a known username and incorrect passwords.\n\n[CVE-2021-20598](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20598>) has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Japan\n\n### 3.4 RESEARCHER\n\nIvan Speziale of Nozomi Networks Labs reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nMitsubishi Electric plans to release fixed versions of the firmware for [CVE-2021-20594](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20594>) and [CVE-2021-20597](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20597>) in the future.\n\nMitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:\n\n * Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.\n * Use within a LAN and block access from untrusted networks and hosts through firewalls.\n * Use the IP filter function* to restrict the accessible IP addresses.\n * Register user information or change the password via USB. If you have already registered user information or changed the user\u2019s password via the network, change the password once via USB. This mitigation is applicable to [CVE-2021-20597](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20597>)\n\n*[MELSEC iQ-R Ethernet User\u2019s Manual ](<https://www.mitsubishifa.co.th/files/dl/plc/sh081257eng/sh081257engs.pdf>)(Application) 1.13 Security \u201cIP filter\u201d\n\nAdditional information about these vulnerabilities or Mitsubishi Electric's compensating control is available by contacting a [Mitsubishi Electric representative](<https://www.mitsubishielectric.com/fa/support/index.html>).\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nCISA also recommends users take the following measures to protect themselves from social engineering attacks:\n\n * Do not click web links or open unsolicited attachments in email messages.\n * Refer to [Recognizing and Avoiding Email Scams](<https://us-cert.cisa.gov/sites/default/files/publications/emailscams_0905.pdf>) for more information on avoiding email scams.\n * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://us-cert.cisa.gov/ncas/tips/ST04-014>) for more information on social engineering attacks.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities have a high attack complexity.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-21-250-01>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-09-07T00:00:00", "type": "ics", "title": "Mitsubishi Electric MELSEC iQ-R Series", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20594", "CVE-2021-20597", "CVE-2021-20598"], "modified": "2021-09-07T00:00:00", "id": "ICSA-21-250-01", "href": "https://www.us-cert.gov/ics/advisories/icsa-21-250-01", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T13:17:52", "description": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-08-06T17:15:00", "type": "cve", "title": "CVE-2021-20597", "cwe": ["CWE-522"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20597"], "modified": "2021-08-27T13:10:00", "cpe": ["cpe:/o:mitsubishielectric:r32sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r16sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r120psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r16psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r08sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r08psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r32psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r120sfcpu_firmware:*"], "id": "CVE-2021-20597", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20597", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:17:54", "description": "Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-08-06T17:15:00", "type": "cve", "title": "CVE-2021-20598", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20598"], "modified": "2021-08-27T13:10:00", "cpe": ["cpe:/o:mitsubishielectric:r32sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r16sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r120psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r16psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r08sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r08psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r32psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r120sfcpu_firmware:*"], "id": "CVE-2021-20598", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20598", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:17:47", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T17:15:00", "type": "cve", "title": "CVE-2021-20594", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20594"], "modified": "2021-08-27T13:13:00", "cpe": ["cpe:/o:mitsubishielectric:r32sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r16sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r120psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r16psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r08sfcpu_firmware:*", "cpe:/o:mitsubishielectric:r08psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r32psfcpu_firmware:*", "cpe:/o:mitsubishielectric:r120sfcpu_firmware:*"], "id": "CVE-2021-20594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20594", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-02-10T00:00:00", "description": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. \n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Mitsubishi (CVE-2021-20597)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20597"], "modified": "2022-02-07T00:00:00", "cpe": ["cpe:/o:mitsubishielectric:r08sfcpu_firmware", "cpe:/o:mitsubishielectric:r16sfcpu_firmware", "cpe:/o:mitsubishielectric:r32sfcpu_firmware", "cpe:/o:mitsubishielectric:r120sfcpu_firmware", "cpe:/o:mitsubishielectric:r08psfcpu_firmware", "cpe:/o:mitsubishielectric:r16psfcpu_firmware", "cpe:/o:mitsubishielectric:r32psfcpu_firmware", "cpe:/o:mitsubishielectric:r120psfcpu_firmware"], "id": "TENABLE_OT_MITSUBISHI_CVE-2021-20597.NASL", "href": "https://www.tenable.com/plugins/ot/500550", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500550);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2021-20597\");\n\n script_name(english:\"Mitsubishi (CVE-2021-20597)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules\n(R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to\nthe target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the\ntarget or changing a password. \n\nThis plugin only works with Tenable.ot. Please visit\nhttps://www.tenable.com/products/tenable-ot for more information.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jvn.jp/vu/JVNVU98578731/index.html\");\n # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-009_en.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?793f9b44\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20597\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(522);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r08sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r16sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r32sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r120sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r08psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r16psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r32psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r120psfcpu_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Mitsubishi\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Mitsubishi');\n\nvar asset = tenable_ot::assets::get(vendor:'Mitsubishi');\n\nvar vuln_cpes = {\n \"cpe:/o:mitsubishielectric:r08sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r16sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r32sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r120sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r08psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r16psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r32psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r120psfcpu_firmware\" : {}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-15T16:53:40", "description": "Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password. \n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Mitsubishi (CVE-2021-20598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20598"], "modified": "2022-02-07T00:00:00", "cpe": ["cpe:/o:mitsubishielectric:r08sfcpu_firmware", "cpe:/o:mitsubishielectric:r16sfcpu_firmware", "cpe:/o:mitsubishielectric:r32sfcpu_firmware", "cpe:/o:mitsubishielectric:r120sfcpu_firmware", "cpe:/o:mitsubishielectric:r08psfcpu_firmware", "cpe:/o:mitsubishielectric:r16psfcpu_firmware", "cpe:/o:mitsubishielectric:r32psfcpu_firmware", "cpe:/o:mitsubishielectric:r120psfcpu_firmware"], "id": "TENABLE_OT_MITSUBISHI_CVE-2021-20598.NASL", "href": "https://www.tenable.com/plugins/ot/500494", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500494);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2021-20598\");\n\n script_name(english:\"Mitsubishi (CVE-2021-20598)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules\n(R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout\na legitimate user by continuously trying login with incorrect password. \n\nThis plugin only works with Tenable.ot. Please\nvisit https://www.tenable.com/products/tenable-ot for more information.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jvn.jp/vu/JVNVU98578731/index.html\");\n # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-010_en.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ae413cb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20598\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r08sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r16sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r32sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r120sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r08psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r16psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r32psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r120psfcpu_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Mitsubishi\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Mitsubishi');\n\nvar asset = tenable_ot::assets::get(vendor:'Mitsubishi');\n\nvar vuln_cpes = {\n \"cpe:/o:mitsubishielectric:r08sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r16sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r32sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r120sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r08psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r16psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r32psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r120psfcpu_firmware\" : {}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-28T11:51:41", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names. \n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Mitsubishi (CVE-2021-20594)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20594"], "modified": "2022-02-07T00:00:00", "cpe": ["cpe:/o:mitsubishielectric:r08sfcpu_firmware", "cpe:/o:mitsubishielectric:r16sfcpu_firmware", "cpe:/o:mitsubishielectric:r32sfcpu_firmware", "cpe:/o:mitsubishielectric:r120sfcpu_firmware", "cpe:/o:mitsubishielectric:r08psfcpu_firmware", "cpe:/o:mitsubishielectric:r16psfcpu_firmware", "cpe:/o:mitsubishielectric:r32psfcpu_firmware", "cpe:/o:mitsubishielectric:r120psfcpu_firmware"], "id": "TENABLE_OT_MITSUBISHI_CVE-2021-20594.NASL", "href": "https://www.tenable.com/plugins/ot/500576", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500576);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2021-20594\");\n\n script_name(english:\"Mitsubishi (CVE-2021-20594)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU\nmodules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to\nacquire legitimate user names registered in the module via brute-force attack on user names. \n\nThis plugin only works\nwith Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jvn.jp/vu/JVNVU98578731/index.html\");\n # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e175364\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20594\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r08sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r16sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r32sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r120sfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r08psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r16psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r32psfcpu_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mitsubishielectric:r120psfcpu_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Mitsubishi\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Mitsubishi');\n\nvar asset = tenable_ot::assets::get(vendor:'Mitsubishi');\n\nvar vuln_cpes = {\n \"cpe:/o:mitsubishielectric:r08sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r16sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r32sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r120sfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r08psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r16psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r32psfcpu_firmware\" : {},\n \"cpe:/o:mitsubishielectric:r120psfcpu_firmware\" : {}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}

Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

Description

Related