Multiple vulnerabilities in Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-8370 CVE-2016-8368 |
| CWE-ID | CWE-327 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
MELSEC-Q QJ71E71-B2 Hardware solutions / Routers & switches, VoIP, GSM, etc MELSEC-Q QJ71E71-B5 Hardware solutions / Routers & switches, VoIP, GSM, etc MELSEC-Q QJ71E71-100 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Mitsubishi Electric |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU18547
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-8370
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of weak cryptographic algorithms. A remote attacker with ability to perform a man-on-the-middle attack can decrypt communication between client and PLC device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMELSEC-Q QJ71E71-B2: All versions
MELSEC-Q QJ71E71-B5: All versions
MELSEC-Q QJ71E71-100: before 18072
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-16-336-03
http://www.mitsubishielectric.com/fa/document/technews/plc/fa-a-0230/faa0230.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU18548
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-8368
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to connect to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted packets to the PLC via port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation.
MitigationInstall update from vendor's website.
Vulnerable software versionsMELSEC-Q QJ71E71-B2: All versions
MELSEC-Q QJ71E71-B5: All versions
MELSEC-Q QJ71E71-100: before 18072
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-16-336-03
http://www.mitsubishielectric.com/fa/document/technews/plc/fa-a-0230/faa0230.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
