Improper Neutralization of Argument Delimiters in a Command in Mitsubishi Electric Hardware solutions

#VU48076 Improper Neutralization of Argument Delimiters in a Command in Mitsubishi Electric Hardware solutions

Published: 2020-11-02

Vulnerability identifier: #VU48076

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5657

CWE-ID: CWE-88

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
MELSEC iQ-R EtherNet/IP Network Interface Module
Hardware solutions / Firmware
MELSEC iQ-R PROFINET IO Controller Module
Hardware solutions / Firmware
MELSEC iQ-R High Speed Data Logger Module
Hardware solutions / Firmware
MELSEC iQ-R MES Interface Module
Hardware solutions / Firmware
MELSEC iQ-R OPC UA Server Module
Hardware solutions / Firmware

Vendor: Mitsubishi Electric

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability due to improper neutralization of argument delimiters in a command. A remote attacker on the local network can send a specially crafted packet and cause a denial-of-service condition or execute arbitrary code.

This vulnerability affects the following modules of MELSEC iQ-R Series:

EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before.
PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
High Speed Data Logger Module,RD81DL96: First 2 digits of serial number are 08 or before
MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MELSEC iQ-R EtherNet/IP Network Interface Module: 02

MELSEC iQ-R PROFINET IO Controller Module: 01

MELSEC iQ-R High Speed Data Logger Module: 08

MELSEC iQ-R MES Interface Module: 04

MELSEC iQ-R OPC UA Server Module: 04

External links
http://ics-cert.us-cert.gov/advisories/icsa-20-303-02
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Mitsubishi Electric MELSEC iQ-R