This week, two vulnerabilities were found in Mitsubishi Electric MELSEC Series Products. The first vulnerability (CVE-2023-1618) is an active debug code vulnerability with a CVSS score of 7.5. The flaw impacts WS0-GETH00200 and is exploitable remotely with a low attack complexity.
According to CISA’s advisory, if this vulnerability is successfully exploited, an attacker can bypass authentication and gain unauthorized access by connecting to the module through telnet. They can then reset the module or, under specific circumstances, manipulate its configuration, disclose sensitive information, or modify the firmware. The vulnerability affects all versions of MELSEC WS Series - WS0-GETH00200.
The second vulnerability (CVE-2023-1424) is a classic buffer overflow vulnerability and has a CVSS score of 10. The vulnerability impacts MELSEC Series CPU modules and is also exploitable remotely with low attack complexity. CISA’s advisory states that the affected MELSEC Series CPU modules contain a vulnerability that arises from copying buffers without proper input size verification. Exploiting the flaw can lead to a denial-of-service condition and allow malicious code execution.
The following MELSEC Series CPU modules are impacted:
If exploited, both vulnerabilities could have a devastating impact on the critical manufacturing industry worldwide. Avertium recommends that you patch or apply the appropriate workarounds/mitigations as soon as possible.
Mitsubishi has released the following workarounds and mitigations for CVE-2023-1618:
Alternatively, Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting this vulnerability:
Mitsubishi has released the following workarounds and mitigations for CVE-2023-1424:
Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting this vulnerability:
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-1618 and CVE-2023-1424. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.