CVE-2023-4562
Published 2023-10-13
Priority: P262 · Severity: critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.85% (53.6th percentile)
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
Affected
153 affected version ranges; showing the first 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mr_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mr_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mr_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_dss | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_ess | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mr_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mr_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mr_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_dss | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_ess | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mr_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mr_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mr_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_dss | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_ess | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-60mr_ds | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector is unauthenticated remote network access (AV:N/AC:L/PR:N/UI:N) against MELSEC-F Series main modules via illegitimate messages: monitor for unexpected connections to MELSEC-F PLCs, especially sequence-program read/write commands from untrusted hosts.
- Exploitation requires the affected PLC to be used with the ethernet adapter FX3U-ENET-ADP or the ethernet block FX3U-ENET(-L); scope detection to PLCs with one of these ethernet interfaces exposed.
- Attack complexity is Low with no privileges or user interaction required (CVSS 9.1): any unauthenticated host that can reach the PLC over the network is a potential attacker, so alert on any new or unexpected source IP communicating with a MELSEC-F ethernet module.
- Some affected products are sold only in limited regions; global detection deployments should verify the regional applicability of their asset scope.
- No public exploitation had been reported as of the advisory date; the detection posture is preventive monitoring rather than a response to an active campaign.
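The detection notes above reduce to one rule: only trusted engineering hosts should send messages to a MELSEC-F main module's ethernet interface, and any other source reaching it deserves an alert. The script below is an added example (not code from the advisory, the vendor or this page) that applies that rule to flow records. The CSV flow format, the PLC inventory, the allowlisted subnet, the sample IPs and the listening port 5001 are all constructed assumptions for the example; the real port comes from the ethernet module's own parameter settings, and the inventory from your asset list of PLCs fitted with FX3U-ENET-ADP or FX3U-ENET(-L).

```python
"""Allowlist-based detector for unexpected network access to MELSEC-F PLCs.

Added example, not code from the advisory, the vendor or this page. Flow
format, PLC inventory, allowlist, sample IPs and port are constructed
assumptions; substitute your own NetFlow/Zeek export and asset inventory.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


# Constructed inventory: PLCs that meet the advisory's exposure condition
# (MELSEC-F main module used with FX3U-ENET-ADP or FX3U-ENET(-L)).
PLC_ASSETS = {
    "10.10.20.11": "FX3G-40MT/ES with FX3U-ENET-ADP (line 1)",
    "10.10.20.12": "FX3G-24MR/ES with FX3U-ENET-L (line 2)",
}

# Constructed allowlist: the engineering workstation / SCADA subnet that is
# expected to read or write sequence programs.
ALLOWED_SOURCES = [ip_network("10.10.30.0/24")]

# Assumed listening port. The real value comes from the ethernet module's own
# parameter settings; 5001 here is a placeholder, not a vendor default.
PLC_PORTS = {5001}

# Constructed sample flow export (ts,src,dst,dport,proto; '#' starts a comment).
SAMPLE_LOG = """
2023-10-16T08:01:12Z,10.10.30.5,10.10.20.11,5001,tcp    # engineering WS, allowed
2023-10-16T08:02:40Z,10.10.30.5,10.10.20.12,5001,tcp    # engineering WS, allowed
2023-10-16T08:05:03Z,192.168.1.77,10.10.20.11,5001,tcp  # untrusted host, first contact
2023-10-16T08:05:09Z,192.168.1.77,10.10.20.11,5001,tcp  # untrusted host, repeat
2023-10-16T08:06:00Z,192.168.1.77,10.10.20.11,80,tcp    # same host, non-PLC port
2023-10-16T08:07:30Z,10.10.40.9,10.10.50.1,5001,tcp     # destination is not a PLC
"""


def parse_flows(text):
    """Parse the constructed CSV export into Flow records, skipping blanks and comments."""
    flows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ts, src, dst, dport, proto = (part.strip() for part in line.split(","))
        flows.append(Flow(ts, src, dst, int(dport), proto.lower()))
    return flows


def detect(flows, plcs=PLC_ASSETS, allowed=ALLOWED_SOURCES, ports=PLC_PORTS, baseline=()):
    """Return one alert per flow that reaches a PLC from a non-allowlisted source.

    ports=None widens the check to any port on the PLC. baseline is the set of
    source IPs already observed in earlier runs; a source outside it is flagged
    first_seen so a brand-new host stands out from a known-but-untrusted one.
    """
    seen = set(baseline)
    alerts = []
    for f in flows:
        if f.dst not in plcs:
            continue
        if ports is not None and f.dport not in ports:
            continue
        src = ip_address(f.src)
        if any(src in net for net in allowed):
            seen.add(f.src)
            continue
        alerts.append({
            "ts": f.ts,
            "src": f.src,
            "dst": f.dst,
            "asset": plcs[f.dst],
            "dport": f.dport,
            "first_seen": f.src not in seen,
            "reason": "non-allowlisted source reached MELSEC-F ethernet interface",
        })
        seen.add(f.src)
    return alerts


if __name__ == "__main__":
    for a in detect(parse_flows(SAMPLE_LOG)):
        flag = "NEW " if a["first_seen"] else "    "
        print(f"{a['ts']} {flag}{a['src']} -> {a['dst']}:{a['dport']} ({a['asset']})")
```

Against the constructed log the detector raises two alerts, both for 192.168.1.77 reaching the line 1 PLC on the assumed port, with the first marked as a first-seen source; the port 80 flow is ignored unless `ports=None` is passed. Feeding `baseline` from the previous run's seen set keeps the first-seen flag meaningful across runs, which is the "new or unexpected source IP" condition in the notes above.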
GHSA
GHSA-3728-9cr9-4xwr (ghsa_unreviewed · 2023-10-13): CVE-2023-4562, CRITICAL, CWE-287
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
CISA ICS
cisa_ics · 2023-10-12
## Mitsubishi Electric MELSEC-F Series
ICS Advisory ICSA-23-285-13, released October 12, 2023
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric Corporation
- Equipment: MELSEC-F Series
- Vulnerability: Improper Authentication
## 2. RISK EVALUATION
Successful exploitation of this vulnerability may allow a remote attacker to obtain sequence programs from the product, or to write malicious sequence programs or improper data to the product, without authentication.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports that the following versions of MELSEC-F series programmable controllers are affected if they are used with ethernet communication s
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://jvn.jp/vu/JVNVU90509290/
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf