1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric Corporation
- Equipment: MELSEC Series
- Vulnerability: Insufficient Verification of Data Authenticity
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow a remote attacker to reset the memory of the products to factory default state and cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports that the following versions of MELSEC-F series programmable controllers are affected if they are used with the Ethernet communication special adapter FX3U-ENET-ADP or the Ethernet communication block FX3U-ENET(-L), with the exception of “FX3GE-xMy/z x=24,40, y=T,R, z=ES,ESS,DS,DSS”. Some of these products are sold in limited regions; see the Mitsubishi Electric advisory for details:
- MELSEC-F series FX3U-xMy/z x=16,32,48,64,80,128, y=T,R, z=ES,ESS,DS,DSS: All versions
- MELSEC-F series FX3U-32MR/UA1, FX3U-64MR/UA1: All versions
- MELSEC-F series FX3U-32MS/ES, FX3U-64MS/ES: All versions
- MELSEC-F series FX3U-xMy/ES-A x=16,32,48,64,80,128, y=T,R: All versions
- MELSEC-F series FX3UC-xMT/z x=16,32,64,96, z=D,DSS: All versions
- MELSEC-F series FX3UC-16MR/D-T, FX3UC-16MR/DS-T: All versions
- MELSEC-F series FX3UC-32MT-LT, FX3UC-32MT-LT-2: All versions
- MELSEC-F series FX3UC-16MT/D-P4, FX3UC-16MT/DSS-P4: All versions
- MELSEC-F series FX3G-xMy/z x=14,24,40,60, y=T,R, z=ES,ESS,DS,DSS: All versions
- MELSEC-F series FX3G-xMy/ES-A x=14,24,40,60, y=T,R: All versions
- MELSEC-F series FX3GC-32MT/D, FX3GC-32MT/DSS: All versions
- MELSEC-F series FX3GE-xMy/z x=24,40, y=T,R, z=ES,ESS,DS,DSS: All versions
- MELSEC-F series FX3GA-xMy-CM x=24,40,60, y=T,R: All versions
- MELSEC-F series FX3S-xMy/z x=10,14,20,30, y=T,R, z=ES,ESS,DS,DSS: All versions
- MELSEC-F series FX3S-30My/z-2AD y=T,R, z=ES,ESS: All versions
This article has been indexed from All CISA Advisories