ICSA-23-017-02  ·  Published 2023-01-27

Mitsubishi Electric MELSEC iQ-F, iQ-R Series

CVSS 5.9 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to access the WEB server function by guessing the random numbers used for authentication.

CVEs (1)

Remediations

  • MELSEC iQ-F Series with serial number 17X**** or later:
      • FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS: Update to v1.281 or later
      • FX5UC-xMy/z x=32,64,96 y=T, z=D,DSS: Update to v1.281 or later
  • MELSEC iQ-F Series with serial number 179**** and prior:
      • FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS: Update to v1.075 or later
      • FX5UC-xMy/z x=32,64,96 y=T, z=D,DSS: Update to v1.075 or later
  • MELSEC iQ-F Series FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS: Update to v1.281 or later
  • FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,ESS: Update to v1.044 or later
  • FX5UJ-xMy/ES-A* x=24,40,60, y=T,R: Update to v1.045 or later
  • FX5S-xMy/z* x=30,40,60,80, y=T,R, z=ES,ESS: Update to v1.004 or later
  • Note: These products are available in limited regions. For how to get the fixed version, users should contact Mitsubishi Electric.
  • "5 FIRMWARE UPDATE FUNCTION" in the MELSEC iQ-F FX5 User's Manual (Application)
  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
  • Use products inside a local area network (LAN) and block access from untrusted networks and hosts through firewalls.
  • Use the IP filter function* to block access from untrusted hosts. For details on the IP filter function, refer to the manuals for each product:
      • "12.1 IP Filter Function" in the MELSEC iQ-F FX5 User's Manual (Ethernet Communication)
      • "1.13 Security" - "IP filter" in the MELSEC iQ-R Ethernet User's Manual (Application)

Affected Vendors

Mitsubishi Electric

Affected Products (10)

Mitsubishi Electric · FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS <= 1.280
Mitsubishi Electric · FX5UC-xMy/z x=32,64,96 y=T, z=D,DSS <= 1.280
Mitsubishi Electric · FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS <= 1.074
Mitsubishi Electric · FX5UC-xMy/z x=32,64,96 y=T, z=D,DSS <= 1.074
Mitsubishi Electric · MELSEC iQ-F Series FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS <= 1.280
Mitsubishi Electric · FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,ESS <= 1.042
Mitsubishi Electric · FX5UJ-xMy/ES-A* x=24,40,60, y=T,R <= 1.043
Mitsubishi Electric · FX5S-xMy/z* x=30,40,60,80, y=T,R, z=ES,ESS <= 1.003
Mitsubishi Electric · MELSEC iQ-R Series R00/01/02CPU <= 33
Mitsubishi Electric · MELSEC iQ-R Series R04/08/16/32/120(EN)CPU <= 66

Affected Sectors

Critical Manufacturing
