← Back to home
ICSA-23-306-02  ·  Published 2024-02-15  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

CVSS 5.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to prevent legitimate users from logging into the web server function for a certain period, resulting in a denial-of-service condition. The impact of this vulnerability will persist while the attacker continues to attempt the attack.

CVEs (1)

Remediations

  • Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk:
  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • Use IP filter function to block access from untrusted hosts. For details on the IP filter function, following manual for each product; "12.1 IP Filter Function" in the MELSEC iQ-F FX5 User's Manual (Ethernet Communication), "1.13 Security" – "IP Filter" in the MELSEC iQ-R Ethernet User's Manual (Application).
  • Restrict physical access to the affected products and the LAN that is connected by them.
  • For additional information refer to Mitsubishi Electric's security bulletin 2023-014_en.

Affected Vendors

Mitsubishi Electric

Affected Products (11)

Mitsubishi Electric · FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 17X**** and later) vers:all/*
Mitsubishi Electric · FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 179**** and prior) >=1.060
Mitsubishi Electric · FX5UC-xMy/z x=32,64,96, y=T, z=D,DSS (Serial number 17X**** and later) vers:all/*
Mitsubishi Electric · FX5UC-xMy/z x=32,64,96, y=T, z=D,DSS (Serial number 179**** and prior) >=1.060
Mitsubishi Electric · FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS vers:all/*
Mitsubishi Electric · FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,DS,ESS,DSS vers:all/*
Mitsubishi Electric · FX5UJ-xMy/ES-A* x=24,40,60, y=T,R vers:all/*
Mitsubishi Electric · FX5S-xMy/z x=30,40,60,80*, y=T,R, z=ES,ESS vers:all/*
Mitsubishi Electric · R00/01/02CPU >=05
Mitsubishi Electric · R04/08/16/32/120(EN)CPU >=35
Mitsubishi Electric · R08/16/32/120/PCPU >=37

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more