1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric
- Equipment: MELSEC iQ-F Series CPU module
- Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read or write the device values of the product. In addition, the attacker may be able to stop the operation of the programs.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports the following versions of MELSEC iQ-F Series are affected:
- MELSEC iQ-F Series FX5U-32MT/ES: 1.060 and later
- MELSEC iQ-F Series FX5U-32MT/DS: 1.060 and later
- MELSEC iQ-F Series FX5U-32MT/ESS: 1.060 and later
- MELSEC iQ-F Series FX5U-32MT/DSS: 1.060 and later
- MELSEC iQ-F Series FX5U-64MT/ES: 1.060 and later
- MELSEC iQ-F Series FX5U-64MT/DS: 1.060 and later
- MELSEC iQ-F Series FX5U-64MT/ESS: 1.060 and later
- MELSEC iQ-F Series FX5U-64MT/DSS: 1.060 and later
- MELSEC iQ-F Series FX5U-80MT/ES: 1.060 and later
- MELSEC iQ-F Series FX5U-80MT/DS: 1.060 and later
- MELSEC iQ-F Series FX5U-80MT/ESS: 1.060 and later
- MELSEC iQ-F Series FX5U-80MT/DSS: 1.060 and later
- MELSEC iQ-F Series FX5U-32MR/ES: 1.060 and later
- MELSEC iQ-F Series FX5U-32MR/DS: 1.060 and later
- MELSEC iQ-F Series FX5U-64MR/ES: 1.060 and later
- MELSEC iQ-F Series FX5U-64MR/DS: 1.060 and later
- MELSEC iQ-F Series FX5U-80MR/ES: 1.060 and later
- MELSEC iQ-F Series FX5U-80MR/DS: 1.060 and later
- MELSEC iQ-F Series FX5UC-32MT/D: 1.060 and later
- MELSEC iQ-F Series FX5UC-32MT/DSS: 1.060 and later
- MELSEC iQ-F Series FX5UC-64MT/D: 1.060 and later
- MELSEC iQ-F Series FX5UC-64MT/DSS: 1.060 and later
- MELSEC iQ-F Series FX5UC-96MT/D: 1.060 and later
- MELSEC iQ-F Series FX5UC-96MT/DSS: 1.060 and later
- MELSEC iQ-F Series FX5UC-32MT/DS-TS: 1.060 and later
- MELSEC iQ-F Series FX5UC-32MT/DSS-TS: 1.060 and later
- MELSEC iQ-
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: