Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module Improper Restriction of Excessive Authentication Attempts (CVE-2023-4625)

medium Tenable OT Security Plugin ID 501931

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Use IP filter function to block access from untrusted hosts. For details on the IP filter function, following manual for each product; "12.1 IP Filter Function" in the MELSEC iQ-F FX5 User's Manual (Ethernet Communication), "1.13 Security" – "IP Filter" in the MELSEC iQ-R Ethernet User's Manual (Application).
- Restrict physical access to the affected products and the LAN that is connected by them.

For additional information refer to Mitsubishi Electric's security bulletin 2023-014_en.

See Also

https://jvn.jp/vu/JVNVU94620134

http://www.nessus.org/u?00b4acf2

https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02

Plugin Details

Severity: Medium

ID: 501931

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 1/18/2024

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2023-4625

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:fx5uc-32mr%2fds-ts_firmware:-, cpe:/o:mitsubishielectric:fx5s-40mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-30mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5s-60mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uc-64mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uc-96mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx5uc-96mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss-ts_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uc-64mt%2fd_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-80mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-40mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-80mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5s-30mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5s-80mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5s-60mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-24mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mr%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5s-30mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5s-40mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5u-80mr%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5uj-60mr%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5s-60mt%2fess_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fes-a_firmware:-, cpe:/o:mitsubishielectric:fx5u-32mt%2fds_firmware:-, cpe:/o:mitsubishielectric:fx5uc-32mt%2fds-ts_firmware:-, cpe:/o:mitsubishielectric:fx5uj-40mt%2fes_firmware:-, cpe:/o:mitsubishielectric:fx5u-64mt%2fess_firmware:-

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 11/6/2023

Vulnerability Publication Date: 11/6/2023

Reference Information

CVE: CVE-2023-4625

CWE: 307

ICSA: 23-306-02