Mitsubishi Electric MELSEC and MELIPC Series Improper Handling of Length Parameter Inconsistency (CVE-2021-20610)

high Tenable OT Security Plugin ID 500796

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions 24 and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 57 and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions 28 and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions 29 and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions 08 and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version 23 and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions 16 and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. 23121 and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No.
23121 and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. 23071 and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. 23071 and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. 24031 and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. 24031 and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No.
24031 and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version F and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version W and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version W and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. 23121 and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. 23121 and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions 05 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric has corrected the vulnerabilities in the following products and intends to do the same with other products.

MELSEC iQ-R Series

- R00/01/02CPU: Firmware Versions 25 or later
- R04/08/16/32/120(EN)CPU: Firmware Versions 58 or later

- R08/16/32/120SFCPU: Firmware Versions 27 or later

- R08/16/32/120PCPU: Firmware Versions 30 or later
- R08/16/32/120PSFCPU: Firmware Versions 09 or later
- R16/32/64MTCPU: Operating system software Version 24 or later
- R12CCPU-V: Firmware Versions 17 or later

MELSEC Q Series

- Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: The first 5 digits of serial No. 23122 or later
- Q03/04/06/13/26UDVCPU: The first 5 digits of serial No. 23072 or later
- Q04/06/13/26UDPVCPU: The first 5 digits of serial No. 23072 or later
- Q12DCCPU-V, Q24DHCCPU-V(G), Q24/26DHCCPU-LS: The first 5 digits of serial No. 24032 or later
- MR-MQ100: Operating system software version G or later
- Q172/173DCPU-S1: Operating system software version X or later
- Q170MCPU: Operating system software version X or later

MELSEC L Series

- L02/06/26CPU(-P), L26CPU-(P)BT: The first 5 digits of serial No. 23122 or later

MELIPC Series

- MI5122-VW: Firmware Versions 06 or later

Mitsubishi Electric also recommends users take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use a LAN and block access from untrusted networks and hosts through firewalls.
- Use the remote password function or IP filter function to block access from untrusted hosts. For details on the remote password function and IP filter function, please refer to the following manual for each product.
- MELSEC iQ-R Ethernet User’s Manual (Application) 1.13 Security "Remote password" "IP filter"
- MELSEC iQ-R Motion Controller Programming Manual (Common) 6.2 Security Function "IP filter"
- MELSEC iQ-R C Controller Module User's Manual (Application) 6.6 Security Function "IP filter"
- QnUCPU User’s Manual (Communication via Built-in Ethernet Port) CHAPTER 10 REMOTE PASSWORD
- MELSEC-L CPU Module User's Manual (Built-In Ethernet Function) CHAPTER 11 REMOTE PASSWORD
- MELIPC MI5000 Series User's Manual (Application) 11.3 IP Filter Function

For specific update instructions and additional details see the Mitsubishi Electric advisory.

See Also

http://www.nessus.org/u?05616bce

https://jvn.jp/vu/JVNVU94434051/index.html

https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02

Plugin Details

Severity: High

ID: 500796

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 2/13/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2021-20610

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r01_cpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r16_cpu_firmware, cpe:/o:mitsubishi:melsec_q172dscpu_firmware, cpe:/o:mitsubishi:melsec_q170mcpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r16_pcpu_firmware, cpe:/o:mitsubishi:melsec_q172dcpu-s1_firmware, cpe:/o:mitsubishi:melsec_q100udecpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r120_pcpu_firmware, cpe:/o:mitsubishi:melsec_q10udecpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware, cpe:/o:mitsubishi:melsec_q13udvcpu_firmware:-, cpe:/o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r08_cpu_firmware:57, cpe:/o:mitsubishi:melsec_l06cpu%28-p%29_firmware, cpe:/o:mitsubishi:melsec_iq-r_r64_mtcpu_firmware, cpe:/o:mitsubishi:melsec_q26udvcpu_firmware:-, cpe:/o:mitsubishi:melsec_q04udecpu_firmware, cpe:/o:mitsubishi:melsec_q173dcpu-s1_firmware, cpe:/o:mitsubishi:melsec_iq-r_r08_pcpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r04_pcpu_firmware, cpe:/o:mitsubishi:melsec_q04udvcpu_firmware:-, cpe:/o:mitsubishi:melsec_q24dhccpu-ls_firmware, cpe:/o:mitsubishi:melsec_iq-r_r120_cpu_firmware:57, cpe:/o:mitsubishi:melsec_q06udvcpu_firmware:-, cpe:/o:mitsubishi:melsec_iq-r_r32_pcpu_firmware, cpe:/o:mitsubishi:melsec_l02cpu%28-p%29_firmware, cpe:/o:mitsubishi:melsec_iq-r_r08_cpu_firmware, cpe:/o:mitsubishi:melsec_l26cpu-%28p%29bt_firmware, cpe:/o:mitsubishi:melsec_q50udecpu_firmware, cpe:/o:mitsubishi:melsec_q26dhccpu-ls_firmware:-, cpe:/o:mitsubishi:melsec_q13udecpu_firmware, cpe:/o:mitsubishi:melsec_q13udpvcpu_firmware:-, cpe:/o:mitsubishi:melsec_iq-r_r32_mtcpu_firmware, cpe:/o:mitsubishi:melsec_q06udpvcpu_firmware:-, cpe:/o:mitsubishi:melsec_q26udpvcpu_firmware:-, cpe:/o:mitsubishi:melsec_q04udpvcpu_firmware:-, cpe:/o:mitsubishi:melsec_q06udecpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r04_cpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r32_cpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r16_mtcpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware, cpe:/o:mitsubishi:melsec_l26cpu%28-p%29_firmware, cpe:/o:mitsubishi:melsec_iq-r_r120_cpu_firmware, cpe:/o:mitsubishi:melsec_q20udecpu_firmware, cpe:/o:mitsubishi:melsec_q26udecpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware, cpe:/o:mitsubishi:melsec_q170mscpu%28-s1%29_firmware, cpe:/o:mitsubishi:melsec_q173dscpu_firmware:-, cpe:/o:mitsubishi:melsec_q03udecpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r32_cpu_firmware:57, cpe:/o:mitsubishi:melsec_iq-r_r00_cpu_firmware, cpe:/o:mitsubishi:melsec_q03udvcpu_firmware:-, cpe:/o:mitsubishi:melsec_q12dccpu-v_firmware, cpe:/o:mitsubishi:melsec_q24dhccpu-v%28g%29_firmware, cpe:/o:mitsubishi:melsec_iq-r_r02_cpu_firmware, cpe:/o:mitsubishi:melsec_iq-r_r16_cpu_firmware:57

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 12/1/2021

Vulnerability Publication Date: 12/1/2021

Reference Information

CVE: CVE-2021-20610

ICSA: 21-334-02