ICSA-23-061-01 · Published 2023-06-20
Mitsubishi Electric MELSEC iQ-F Series
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could allow an unauthenticated malicious actor to log in to a file transfer protocol (FTP) server or web server by obtaining plaintext credentials stored in project files.
CVEs (1)
Remediations
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of a malicious actor exploiting this vulnerability:
- Encrypt the communication data or project files when sending and receiving or sharing these files.
- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
- Use product(s) within a local area network (LAN) and block access from untrusted networks and hosts using firewalls.
- Use the IP filter function to block access from untrusted hosts.
  - For details regarding the IP filter function, users can refer to "12.1 IP Filter Function" in the MELSEC iQ-F FX5 User's Manual (Ethernet Communication).
- Restrict physical access to affected products.
For specific update instructions and additional details, see the Mitsubishi Electric advisory.
Affected Vendors
Mitsubishi Electric
Affected Products (5)
- Mitsubishi Electric · All models of FX5U(C) CPU modules (vers:all/*)
- Mitsubishi Electric · All models of FX5UJ CPU modules (vers:all/*)
- Mitsubishi Electric · All models of FX5S CPU modules (vers:all/*)
- Mitsubishi Electric · FX5-ENET (vers:all/*)
- Mitsubishi Electric · FX5-ENET/IP (vers:all/*)
Affected Sectors
Critical Manufacturing