Mitsubishi Electric MELSEC WS Series Active Debug Code (CVE-2023-1618)

high Tenable OT Security Plugin ID 501187

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric has released the following versions to fix this vulnerability:

- WS0-GETH00200: Serial numbers 2311**** and later.

For the affected products, Mitsubishi Electric recommends users to take the following mitigation measures:

- Set password for telnet sessions that are difficult for third parties to guess. The password can be up to 15 characters long. Note that "[space]" in the input string represents a single-byte space. Users can change the password for the telnet session of the affected product by using the telnet client and performing:
- Password setting:
- Enter "telnet[space]" followed by the IP address of the affected product and press the Enter key.
- When "Password" is displayed, press the Enter key without entering anything.
- When "telnet>" is displayed, enter "password[space]" followed by the desired password string and press the Enter key.
- Enter "quit" and press the Enter key.
- Confirm the password is set:
- After the Password setting process, enter "telnet[space]" followed by the IP address of the affected product and press the Enter key.
- When "Password" is displayed, enter the password string set in the Password setting process and press the Enter key.
- If "telnet>" is displayed, the password is set correctly.
- Enter "quit" and press the Enter key.

Alternatively, Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting this vulnerability:

- Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
- Use product within a local area network (LAN) and use firewalls to block access from untrusted networks and hosts.
- Restrict physical access to prevent untrusted devices from connecting to the LAN.
- For more information, see Mitsubishi Electric’s Security Advisory.

See Also

http://www.nessus.org/u?47ecc2a6

https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-02

https://jvn.jp/vu/JVNVU96063959

Plugin Details

Severity: High

ID: 501187

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 6/12/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:C/A:P

CVSS Score Source: CVE-2023-1618

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:melsec_ws0-geth00200_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 5/19/2023

Vulnerability Publication Date: 5/19/2023

Reference Information

CVE: CVE-2023-1618

CWE: 1188

ICSA: 23-138-02