Multiple vulnerabilities in Mitsubishi Electric MELSEC iQ-R



Published: 2020-11-02
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-5653
CVE-2020-5654
CVE-2020-5655
CVE-2020-5656
CVE-2020-5657
CVE-2020-5658
CWE-ID CWE-119
CWE-384
CWE-476
CWE-284
CWE-88
CWE-399
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		MELSEC iQ-R EtherNet/IP Network Interface Module
Hardware solutions / Firmware

MELSEC iQ-R PROFINET IO Controller Module
Hardware solutions / Firmware

MELSEC iQ-R High Speed Data Logger Module
Hardware solutions / Firmware

MELSEC iQ-R MES Interface Module
Hardware solutions / Firmware

MELSEC iQ-R OPC UA Server Module
Hardware solutions / Firmware

Vendor Mitsubishi Electric

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU48070

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5653

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can send a specially crafted packet, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following modules of MELSEC iQ-R Series: 

  • EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before.
  • PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
  • High Speed Data Logger Module,RD81DL96: First 2 digits of serial number are 08 or before
  • MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
  • OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MELSEC iQ-R EtherNet/IP Network Interface Module: 02

MELSEC iQ-R PROFINET IO Controller Module: 01

MELSEC iQ-R High Speed Data Logger Module: 08

MELSEC iQ-R MES Interface Module: 04

MELSEC iQ-R OPC UA Server Module: 04

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-303-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Session Fixation

EUVDB-ID: #VU48071

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5654

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the session invalidation issue. A remote attacker can send a specially crafted packet and cause a denial of service condition on the target system.

This vulnerability affects the following modules of MELSEC iQ-R Series: 

  • EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before.
  • PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
  • High Speed Data Logger Module,RD81DL96: First 2 digits of serial number are 08 or before
  • MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
  • OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MELSEC iQ-R EtherNet/IP Network Interface Module: 02

MELSEC iQ-R PROFINET IO Controller Module: 01

MELSEC iQ-R High Speed Data Logger Module: 08

MELSEC iQ-R MES Interface Module: 04

MELSEC iQ-R OPC UA Server Module: 04

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-303-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL Pointer Dereference

EUVDB-ID: #VU48074

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5655

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

This vulnerability affects the following modules of MELSEC iQ-R Series: 

  • EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before.
  • PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
  • High Speed Data Logger Module,RD81DL96: First 2 digits of serial number are 08 or before
  • MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
  • OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MELSEC iQ-R EtherNet/IP Network Interface Module: 02

MELSEC iQ-R PROFINET IO Controller Module: 01

MELSEC iQ-R High Speed Data Logger Module: 08

MELSEC iQ-R MES Interface Module: 04

MELSEC iQ-R OPC UA Server Module: 04

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-303-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Access Control

EUVDB-ID: #VU48075

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5656

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

This vulnerability affects the following modules of MELSEC iQ-R Series: 

  • EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before.
  • PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
  • High Speed Data Logger Module,RD81DL96: First 2 digits of serial number are 08 or before
  • MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
  • OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MELSEC iQ-R EtherNet/IP Network Interface Module: 02

MELSEC iQ-R PROFINET IO Controller Module: 01

MELSEC iQ-R High Speed Data Logger Module: 08

MELSEC iQ-R MES Interface Module: 04

MELSEC iQ-R OPC UA Server Module: 04

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-303-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Neutralization of Argument Delimiters in a Command

EUVDB-ID: #VU48076

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5657

CWE-ID: CWE-88 - Improper Neutralization of Argument Delimiters in a Command

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability due to improper neutralization of argument delimiters in a command. A remote attacker on the local network can send a specially crafted packet and cause a denial-of-service condition or execute arbitrary code.

This vulnerability affects the following modules of MELSEC iQ-R Series: 

  • EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before.
  • PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
  • High Speed Data Logger Module,RD81DL96: First 2 digits of serial number are 08 or before
  • MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
  • OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MELSEC iQ-R EtherNet/IP Network Interface Module: 02

MELSEC iQ-R PROFINET IO Controller Module: 01

MELSEC iQ-R High Speed Data Logger Module: 08

MELSEC iQ-R MES Interface Module: 04

MELSEC iQ-R OPC UA Server Module: 04

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-303-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU48077

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5658

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

This vulnerability affects the following modules of MELSEC iQ-R Series: 

  • EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before.
  • PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
  • High Speed Data Logger Module,RD81DL96: First 2 digits of serial number are 08 or before
  • MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
  • OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MELSEC iQ-R EtherNet/IP Network Interface Module: 02

MELSEC iQ-R PROFINET IO Controller Module: 01

MELSEC iQ-R High Speed Data Logger Module: 08

MELSEC iQ-R MES Interface Module: 04

MELSEC iQ-R OPC UA Server Module: 04

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-303-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###