SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-993247508] Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Vulnerabilities

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2016-12-01OtherMitsubishiVladimir DashchenkoN/ACVE-2016-8370 CVE-2016-8368 N/AN/AN/A

Source

						
							
								
#
# Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Vulnerabilities
#


### OVERVIEW

Security researcher Vladimir Dashchenko of Critical Infrastructure Defense Team, Kaspersky Lab has identified vulnerabilities in the Mitsubishi Electric Automation, Inc. (Mitsubishi Electric) MELSEC-Q series Ethernet interface modules. NCCIC/ICS-CERT and JPCERT have coordinated the reported vulnerabilities with Mitsubishi Electric. Mitsubishi Electric has created a product revision for newer devices that incorporates a compensating control to reduce the risk of exploitation for one of the identified vulnerabilities.
These vulnerabilities could be exploited remotely.
Exploits that target these vulnerabilities are known to be publicly available.



### AFFECTED PRODUCTS

The following MELSEC-Q series versions are affected:
QJ71E71-100, all versions,
QJ71E71-B5, all versions, and
QJ71E71-B2, all versions.



### IMPACT

Successful exploitation of these vulnerabilities may allow an attacker to intercept weakly encrypted passwords and allow an unauthenticated remote attacker to cause a denial of service on the affected system.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.



### BACKGROUND

Mitsubishi Electric is a Japan-based company that maintains offices in several countries around the world.
The affected products, QJ71E71-100, QJ71E71-B5, and QJ71E71-B2, are Ethernet interface modules that connect the MELSEC-Q series programmable controllers to the host network. According to Mitsubishi Electric, the MELSEC-Q series Ethernet interface modules are deployed across several sectors including Commercial Facilities, Critical Manufacturing, and Food and Agriculture. Mitsubishi Electric estimates that these products are used worldwide.



### VULNERABILITY CHARACTERIZATION

# VULNERABILITY OVERVIEW

USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHMa
Weakly encrypted passwords are transmitted to a MELSEC-Q PLC.
CVE-2016-8370b has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

UNRESTRICTED EXTERNALLY ACCESSIBLE LOCKd
The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation.
CVE-2016-8368e has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)




### VULNERABILITY DETAILS

# EXPLOITABILITY

These vulnerabilities could be exploited remotely.



# EXISTENCE OF EXPLOIT

Exploits that target these vulnerabilities are publicly available.



# DIFFICULTY

An attacker with low skill would be able to exploit these vulnerabilities.



### MITIGATION

Mitsubishi Electric has released a product revision for newer devices with serial numbers 18072 and later to implement IP filtering for the QJ71E71-100, QJ71E71-B5, and QJ71E71-B2 Ethernet interface modules
Mitsubishi Electric reports that the IP filter function improves access prevention from external sources; however, the IP filter function does not completely prevent unauthorized access
Additional measures to encrypt communications pathway are required, such as IPsec
The cryptographic algorithm vulnerability will not be addressed.
Additional information about the vulnerabilities or Mitsubishi Electric's compensating control is available by contacting a local Mitsubishi representative, which can be found at the following location:
https://us.mitsubishielectric.com/fa/en/about-us/distributors


Mitsubishi Electric strongly recommends that users should operate the affected device behind a firewall.