CVE-2023-1424
📋 TL;DR
A critical buffer overflow vulnerability in Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPU modules allows a remote unauthenticated attacker to execute arbitrary code or cause a denial of service. Affected systems are industrial control systems using these specific PLC modules. After successful exploitation, recovery requires a system reset.
💻 Affected Systems
- Mitsubishi Electric MELSEC iQ-F Series CPU modules
- Mitsubishi Electric MELSEC iQ-R Series CPU modules
📦 What is this software?
Melsec Iq Fx5u 32mr/ds Firmware by Mitsubishielectric
Melsec Iq Fx5u 32mr/dss Firmware by Mitsubishielectric
Melsec Iq Fx5u 32mr/es Firmware by Mitsubishielectric
Melsec Iq Fx5u 32mr/ess Firmware by Mitsubishielectric
Melsec Iq Fx5u 32mt/ds Firmware by Mitsubishielectric
Melsec Iq Fx5u 32mt/dss Firmware by Mitsubishielectric
Melsec Iq Fx5u 32mt/es Firmware by Mitsubishielectric
Melsec Iq Fx5u 32mt/ess Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mr/ds Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mr/dss Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mr/es Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mr/ess Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mt/ds Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mt/dss Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mt/es Firmware by Mitsubishielectric
Melsec Iq Fx5u 64mt/ess Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mr/ds Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mr/dss Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mr/es Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mr/ess Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mt/ds Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mt/dss Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mt/es Firmware by Mitsubishielectric
Melsec Iq Fx5u 80mt/ess Firmware by Mitsubishielectric
Melsec Iq Fx5uc 32mr/dds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 32mr/ds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 32mr/ds Ts Firmware by Mitsubishielectric
Melsec Iq Fx5uc 32mt/dds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 32mt/ds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 32mt/ds Ts Firmware by Mitsubishielectric
Melsec Iq Fx5uc 32mt/dss Ts Firmware by Mitsubishielectric
Melsec Iq Fx5uc 64mr/dds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 64mr/ds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 64mt/dds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 64mt/ds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 96mr/dds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 96mr/ds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 96mt/dds Firmware by Mitsubishielectric
Melsec Iq Fx5uc 96mt/ds Firmware by Mitsubishielectric
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, manipulation of industrial processes, physical damage, or prolonged downtime.
Likely Case
Denial of service causing PLC reboot and production interruption, requiring manual reset and potential process disruption.
If Mitigated
Limited impact if systems are air-gapped, behind firewalls with strict network segmentation, and have network traffic monitoring.
🎯 Exploit Status
The vulnerability description suggests straightforward exploitation via crafted packets, though no public exploit code is confirmed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific firmware versions
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf
Restart Required: Yes
Instructions:
1. Download the updated firmware from the Mitsubishi Electric support portal.
2. Back up the PLC program and configuration.
3. Apply the firmware update following the vendor instructions.
4. Restart the PLC.
5. Restore the program and verify operation.
🔧 Temporary Workarounds
Network segmentation and firewall rules
Restrict network access to PLCs using firewalls to only allow necessary traffic from authorized sources.
Disable unnecessary network services
Disable any unused network protocols and services on the PLC to reduce attack surface.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PLCs from untrusted networks
- Deploy intrusion detection systems to monitor for anomalous network traffic to PLCs
🔍 How to Verify
Check if Vulnerable:
Check PLC firmware version against vendor advisory. If using unpatched firmware, system is vulnerable.
Check Version:
Use Mitsubishi Electric engineering software (GX Works3) to read PLC firmware version
Verify Fix Applied:
Verify firmware version has been updated to patched version specified in vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- PLC reboot events without operator intervention
- Unusual network traffic patterns to PLC ports
Network Indicators:
- Malformed packets sent to PLC network ports
- Traffic from unauthorized sources to PLC
SIEM Query:
source_ip=* AND dest_ip=PLC_IP AND (port=TCP/102 OR port=UDP/102) AND packet_size>normal_threshold
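The indicators above, worked through offline as an added example (not part of the vendor advisory or of any SIEM product): it derives `normal_threshold` from known-good payload sizes, flags PLC-bound flows from unauthorized sources or above the threshold, and pairs PLC reboots that have no preceding operator action with the alerts just before them. All addresses, sizes, timestamps and the 60-second window are constructed assumptions; the ports are the ones named in the query above.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample values (assumptions, not taken from the advisory).
PLC_IPS = {"10.0.5.10"}
AUTHORIZED = {"10.0.5.20", "10.0.5.21"}     # engineering workstation, HMI
QUERY_PORTS = {("tcp", 102), ("udp", 102)}  # ports named in the SIEM query above

@dataclass(frozen=True)
class Flow:
    ts: int      # epoch seconds
    src: str
    dst: str
    proto: str
    port: int
    size: int    # payload bytes

def size_threshold(sizes, k=3.0):
    """normal_threshold as mean + k standard deviations of known-good sizes."""
    return mean(sizes) + k * pstdev(sizes)

def flag_flows(flows, threshold):
    """Return (flow, reasons) for PLC-bound flows matching a network indicator."""
    alerts = []
    for f in flows:
        if f.dst not in PLC_IPS:
            continue
        reasons = []
        if f.src not in AUTHORIZED:
            reasons.append("unauthorized_source")
        if (f.proto, f.port) in QUERY_PORTS and f.size > threshold:
            reasons.append("oversized_packet")
        if reasons:
            alerts.append((f, reasons))
    return alerts

def unexplained_reboots(reboots, operator_actions, alerts, window=60):
    """Reboots with no operator action in the preceding window, plus prior alerts."""
    findings = []
    for r in reboots:
        if any(0 <= r - a <= window for a in operator_actions):
            continue
        findings.append((r, [f for f, _ in alerts if 0 <= r - f.ts <= window]))
    return findings

BASELINE_SIZES = [60, 64, 72, 68, 66]   # constructed known-good payload sizes
OBSERVED = [Flow(1000, "10.0.5.20", "10.0.5.10", "tcp", 102, 70),
            Flow(1010, "10.0.9.99", "10.0.5.10", "tcp", 102, 1400),
            Flow(1020, "10.0.5.21", "10.0.5.10", "udp", 102, 900)]
```

Feed `flag_flows` parsed flow or firewall records and `unexplained_reboots` the PLC reboot and operator-action timestamps from your own logs; a reboot returned with a non-empty alert list is the combination worth escalating first.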
🔗 References
- https://jvn.jp/vu/JVNVU94650413
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727