Positive Technologies researcher Anton Dorfman discovered two vulnerabilities in Mitsubishi controllers of the MELSEC iQ-F series. These devices are used in the food and light industries, woodworking, printing houses, water management, shipping, automation of building engineering systems and other areas.
The issues were identified in the FX5S, FX5UJ, FX5U and FX5UC monoblock compact controllers of the MELSEC iQ-F series. By exploiting them, an attacker could cause a denial of service.
“A remote attacker could cause a denial of service for Mitsubishi controllers by sending specially crafted packets. An attack of this type will negatively affect the production process – it will disrupt it or lead to a long stop. The latter is an unacceptable event for most enterprises: in some cases, a restart can cost a significant amount,” comments Vladimir Nazarov, Head of the Industrial Control Systems Security Department at Positive Technologies.
The first and more dangerous vulnerability was assigned the identifier CVE-2022-25161 (8.6 on the CVSS v3.1 scale). Exploiting it allows reading and writing outside the allowed memory range. Writing random values results in an integer overflow, which causes a denial of service on the device.
The second vulnerability has the identifier CVE-2022-25162 and is also associated with the risk of a DoS attack, although it is less dangerous: a reboot is not needed to restore the affected controller, and the vulnerability does not affect other system components. This issue was rated 5.3 on the CVSS v3.1 scale.
To reduce the risk of exploitation, the manufacturer has issued recommendations and released new firmware in which both problems are fixed.