Mitsubishi Fixes MELSEC-Q Series PLCs

Tuesday, January 29, 2019 @ 06:01 PM gHale

Mitsubishi Electric has new firmware to handle a resource exhaustion vulnerability in its MELSEC-Q series PLCs, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Tri Quach of Amazon’s Customer Fulfillment Technology Security (CFTS) group, could allow a remote attacker to send specially crafted packets to the device, causing Ethernet communication to stop.

RELATED STORIES
BD has Mitigation Plan for FACSLyric Hole
Stryker Updates Medical Bed Software
Phoenix Contact Clears Switch Holes
Advantech Mitigates WebAccess/SCADA Holes

The following MELSEC-Q series PLCs suffer from the issue:
• Q03/04/06/13/26UDVCPU: serial number 20081 and prior
• Q04/06/13/26UDPVCPU: serial number 20081 and prior
• Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: Serial number 20101 and prior

In the vulnerability, a remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash.

CVE-2019-6535 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees use mainly in the critical manufacturing sector, however, it does see action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Japan-based Mitsubishi Electric has produced a new version of the firmware. Additional information about this vulnerability or Mitsubishi electric’s compensating control is available by contacting a local Mitsubishi Electric representative.

Mitsubishi Electric recommends users should operate the affected device behind a firewall.



Leave a Reply

You must be logged in to post a comment.