Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Missing Password Field Masking (CVE-2023-2062)

medium Tenable OT Security Plugin ID 501222

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Mitsubishi Electric recommends that users of the affected products take the following actions.:

- RJ71EIP91: Consider replacing to the next generation model, CC-Link IE TSN Plus Master/Local Module RJ71GN11-EIP.
- FX5-ENET/IP: use IP filter function to block access from untrusted hosts. For details on the IP filter function, please refer to the following manual: "12.1 IP Filter Function" in the MELSEC iQ-F FX5 User's Manual (Ethernet Communication).
- SW1DNN-EIPCT-BD: Download and update the fixed version Software version "1.02C" or later
- RJ71EIP91 firmware version "06" or later: FTP function can be disabled in firmware version "06" or later. Except when configuring with the EtherNet/IP Configuration Tool, to prevent unauthorized access from outside, set the connection to "Deny connection" in the EtherNet/IP Configuration Tool Connection Permission Change function and disable the EtherNet/IP module's FTP function of the EtherNet/IP module. However, firmware versions earlier than "06" cannot be updated to version "06" or later. For detailed configuration instructions, please refer to the following manuals: MELSEC iQ-R EtherNet/IP Module User's Manual (Application) "1.3 Ethernet/IP Configuration Tool Connectable Function".

Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities common to RJ71EIP91 and FX5-ENET/IP:

- Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Restrict physical access to prevent untrusted devices LAN to which the affected product connects.
- Avoid uploading/downloading files directly using FTP, and use the EtherNet/IP configuration tool. Also, do not open the downloaded file with anything other than the EtherNet/IP configuration tool.

Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities common to SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD:

- Take the above mitigation measures in RJ71EIP91 and FX5-ENET/IP.
- Allow only trusted users to log in or remotely log in.
- Make sure that no one else sneaks a peek at the screen of a user from behind while using the product.
- If you leave your desk while using the product, lock your PC and prevent others from using it.
- Use the PC using the product within a LAN and block access from untrusted networks or hosts.
- Restrict physical access to the PC on which the product is installed as well as the PCs and network devices that can communicate with the product.
- Install antivirus software on the PCs that use the product and on the PCs that can communicate with the product.
- Do not open untrusted files or click on untrusted links

For specific update instructions and additional details see the Mitsubishi Electric advisory.

See Also

http://www.nessus.org/u?6fa8885c

https://jvn.jp/vu/JVNVU92908006

https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02

Plugin Details

Severity: Medium

ID: 501222

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 6/30/2023

Updated: 11/27/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2023-2062

CVSS v3

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 5.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:rj71eip91_firmware:-, cpe:/o:mitsubishielectric:fx5-enet%2fip_firmware:-

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 6/2/2023

Vulnerability Publication Date: 6/2/2023

Reference Information

CVE: CVE-2023-2062

CWE: 668

ICSA: 23-157-02