ICSA-24-275-02  ·  Published 2024-10-01

Mitsubishi Electric MELSEC iQ-F FX5-OPC

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition on the product by getting a legitimate user to import a specially crafted PKCS#12 format certificate.

CVEs (1)

Remediations

Mitsubishi Electric recommends that customers take the following mitigations to minimize the risk of exploiting this vulnerability:

  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • Restrict physical access to the product, as well as to computers and network devices located within the same network as the product.
  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use the IP filter function to block access from untrusted hosts. For details on the IP filter function, refer to the MELSEC iQ-F FX5 OPC UA Module User's Manual, "4.4 IP Filter".
  • Do not import untrusted certificates.
  • For additional details, see the Mitsubishi Electric advisory.

Affected Vendors

Mitsubishi Electric

Affected Products (1)

Mitsubishi Electric · MELSEC iQ-F FX5-OPC vers:all/*

Affected Sectors

Critical Manufacturing
