Two DoS vulnerabilities eliminated from Mitsubishi industrial controllers

Mitsubishi eliminated the vulnerabilities in a firmware update

Positive Technologies analyst Anton Dorfman discovered two DoS vulnerabilities in Mitsubishi MELSEC iQ-F controllers, which are widely used in a diverse range of applications including food production, manufacturing, building automation, shipping, water management, and many others.

Mitsubishi is the third-largest manufacturer of industrial controllers, with more than 17 million PLC¹ units sold to date.

The vulnerabilities were discovered in the MELSEC iQ-F controllers FX5S, FX5U, FX5UC, and FX5UJ. According to Vladimir Nazarov, Head of Industrial Systems Security at Positive Technologies, "An attacker could remotely induce denial of service by sending specially crafted packets to the controllers. Such an attack would disrupt manufacturing processes or bring them to a complete standstill for an extended period of time. The latter outcome would be considered a major incident for most manufacturers, and restarting production in some cases could be a costly procedure."

With a CVSS v3.1 score of 8.6, CVE-2022-25161 is the more dangerous of the two vulnerabilities. It allows an attacker to read and write outside the bounds of allocated memory. Writing random values in this manner causes an integer overflow, which shuts the device down. The second vulnerability (CVE-2022-25162, CVSS v3.1 score 5.3) is considered less severe, as an affected controller can recover without restarting and other system components are not affected.

Mitsubishi released a firmware update to eliminate the vulnerabilities and published a security advisory. The advisory recommends using firewalls or a VPN to mitigate risks in situations where internet access is required. It also recommends the use of an IP filter to restrict incoming connections to the controllers and block access from untrusted networks or hosts.

Vladimir Nazarov advocates additional measures to boost security: "We recommend employing a cyberrange such as The Standoff 365 to analyze the security of industrial systems and test their vulnerability to attack without risk of disrupting production."

Mitsubishi expressed its gratitude to Anton Dorfman for discovering the vulnerabilities. Positive Technologies previously found multiple vulnerabilities in Mitsubishi PLCs that could potentially lead to the compromise of automation systems networks.

  1. Programmable logic controller