CVE-2023-4562

Q: What is the severity of CVE-2023-4562?

CVE-2023-4562 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows remote unauthenticated attackers to read sequence programs from or write malicious programs/data to Mitsubishi Electric MELSEC-F Series main modules without authentication. It affects industrial control systems using these PLC modules, potentially compromising manufacturing, infrastructure, or critical processes.

9.1 CRITICAL

Authentication Bypass

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to read sequence programs from or write malicious programs/data to Mitsubishi Electric MELSEC-F Series main modules without authentication. It affects industrial control systems using these PLC modules, potentially compromising manufacturing, infrastructure, or critical processes.

💻 Affected Systems

Products:

Mitsubishi Electric MELSEC-F Series main modules

Versions: All versions prior to firmware updates

Operating Systems: Embedded PLC firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects MELSEC-F Series FX5U, FX5UC, FX5UJ main modules. Requires network connectivity to the PLC.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete takeover of industrial processes, physical damage to equipment, production shutdown, safety system compromise leading to environmental or human harm.

🟠

Likely Case

Unauthorized program modification causing production disruption, data theft of proprietary control logic, or installation of backdoors for future attacks.

🟢

If Mitigated

Limited impact if systems are air-gapped with strict network segmentation and access controls preventing unauthorized network access.

🌐 Internet-Facing: HIGH - Direct internet exposure allows complete remote compromise without authentication.

🏢 Internal Only: HIGH - Even internally, any network-accessible device can be compromised by attackers who gain internal access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Direct network exploitation without authentication. Attack complexity is low once network access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates available - check specific module models

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf

Restart Required: Yes

Instructions:

1. Download firmware update from Mitsubishi Electric support portal. 2. Backup existing programs. 3. Apply firmware update via programming software. 4. Verify update and restore programs if needed.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate PLCs in separate network segments with strict firewall rules

Access Control Lists

all

Implement IP-based whitelisting for PLC network access

🧯 If You Can't Patch

Implement strict network segmentation and air-gap from untrusted networks
Deploy industrial firewall with deep packet inspection and anomaly detection

🔍 How to Verify

Check if Vulnerable:

Check MELSEC-F Series module firmware version against vendor advisory. If network-accessible and unpatched, assume vulnerable.

Check Version:

Use Mitsubishi Electric programming software (GX Works3) to read PLC firmware version

Verify Fix Applied:

Verify firmware version matches patched versions in vendor advisory. Test network access attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

Unauthorized connection attempts to PLC ports
Unexpected program upload/download events
Firmware modification attempts

Network Indicators:

Unusual traffic to MELSEC protocol ports (typically 5006/UDP, 5007/TCP)
Unauthorized IP addresses accessing PLCs
Protocol anomalies in MELSEC communications

SIEM Query:

source_ip NOT IN [authorized_ips] AND (destination_port:5006 OR destination_port:5007) AND protocol:UDP

📊 Metadata

CVE ID: CVE-2023-4562

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-287

Published: October 13, 2023

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/vu/JVNVU90509290/ Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf Vendor Advisory
https://jvn.jp/vu/JVNVU90509290/ Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fx3g 14 Mr\/ds Firmware by Mitsubishielectric

Fx3g 14 Mr\/es Firmware by Mitsubishielectric

Fx3g 14 Mt\/ds Firmware by Mitsubishielectric

Fx3g 14 Mt\/dss Firmware by Mitsubishielectric

Fx3g 14 Mt\/es Firmware by Mitsubishielectric

Fx3g 14 Mt\/ess Firmware by Mitsubishielectric

Fx3g 14mr\/ds Firmware by Mitsubishielectric

Fx3g 14mr\/es A Firmware by Mitsubishielectric

Fx3g 14mr\/es Firmware by Mitsubishielectric

Fx3g 14mt\/ds Firmware by Mitsubishielectric

Fx3g 14mt\/dss Firmware by Mitsubishielectric

Fx3g 14mt\/es A Firmware by Mitsubishielectric

Fx3g 14mt\/es Firmware by Mitsubishielectric

Fx3g 14mt\/ess Firmware by Mitsubishielectric

Fx3g 232adp\( Mb\) Firmware by Mitsubishielectric

Fx3g 24 Mr\/ds Firmware by Mitsubishielectric

Fx3g 24 Mr\/es Firmware by Mitsubishielectric

Fx3g 24 Mt\/ds Firmware by Mitsubishielectric

Fx3g 24 Mt\/dss Firmware by Mitsubishielectric

Fx3g 24 Mt\/es Firmware by Mitsubishielectric

Fx3g 24 Mt\/ess Firmware by Mitsubishielectric

Fx3g 24mr\/ds Firmware by Mitsubishielectric

Fx3g 24mr\/es A Firmware by Mitsubishielectric

Fx3g 24mr\/es Firmware by Mitsubishielectric

Fx3g 24mt\/ds Firmware by Mitsubishielectric

Fx3g 24mt\/dss Firmware by Mitsubishielectric

Fx3g 24mt\/es A Firmware by Mitsubishielectric

Fx3g 24mt\/es Firmware by Mitsubishielectric

Fx3g 24mt\/ess Firmware by Mitsubishielectric

Fx3g 32 Mt\/dss Firmware by Mitsubishielectric

Fx3g 3a Adp Firmware by Mitsubishielectric

Fx3g 40 Mr\/ds Firmware by Mitsubishielectric

Fx3g 40 Mr\/es Firmware by Mitsubishielectric

Fx3g 40 Mt\/ds Firmware by Mitsubishielectric

Fx3g 40 Mt\/dss Firmware by Mitsubishielectric

Fx3g 40 Mt\/es Firmware by Mitsubishielectric

Fx3g 40 Mt\/ess Firmware by Mitsubishielectric

Fx3g 40mr\/ds Firmware by Mitsubishielectric

Fx3g 40mr\/es A Firmware by Mitsubishielectric

Fx3g 40mr\/es Firmware by Mitsubishielectric

Fx3g 40mt\/ds Firmware by Mitsubishielectric

Fx3g 40mt\/dss Firmware by Mitsubishielectric

Fx3g 40mt\/es A Firmware by Mitsubishielectric

Fx3g 40mt\/es Firmware by Mitsubishielectric

Fx3g 40mt\/ess Firmware by Mitsubishielectric

Fx3g 485adp\( Mb\) Firmware by Mitsubishielectric

Fx3g 4ad Adp Firmware by Mitsubishielectric

Fx3g 4ad Pt Adp Firmware by Mitsubishielectric

Fx3g 4ad Ptw Adp Firmware by Mitsubishielectric

Fx3g 4ad Tc Adp Firmware by Mitsubishielectric

Fx3g 4da Adp Firmware by Mitsubishielectric

Fx3g 4da Pnk Adp Firmware by Mitsubishielectric

Fx3g 60 Mr\/ds Firmware by Mitsubishielectric

Fx3g 60 Mr\/es Firmware by Mitsubishielectric

Fx3g 60 Mt\/ds Firmware by Mitsubishielectric

Fx3g 60 Mt\/dss Firmware by Mitsubishielectric

Fx3g 60 Mt\/es Firmware by Mitsubishielectric

Fx3g 60 Mt\/ess Firmware by Mitsubishielectric

Fx3g 60mr\/ds Firmware by Mitsubishielectric

Fx3g 60mr\/es A Firmware by Mitsubishielectric

Fx3g 60mr\/es Firmware by Mitsubishielectric

Fx3g 60mt\/ds Firmware by Mitsubishielectric

Fx3g 60mt\/dss Firmware by Mitsubishielectric

Fx3g 60mt\/es A Firmware by Mitsubishielectric

Fx3g 60mt\/es Firmware by Mitsubishielectric

Fx3g 60mt\/ess Firmware by Mitsubishielectric

Fx3g Cnv Adp Firmware by Mitsubishielectric

Fx3ga 24mr Cm Firmware by Mitsubishielectric

Fx3ga 24mt Cm Firmware by Mitsubishielectric

Fx3ga 40mr Cm Firmware by Mitsubishielectric

Fx3ga 40mt Cm Firmware by Mitsubishielectric

Fx3ga 60mr Cm Firmware by Mitsubishielectric

Fx3ga 60mt Cm Firmware by Mitsubishielectric

Fx3gc 32mt\/d Firmware by Mitsubishielectric

Fx3gc 32mt\/dss Firmware by Mitsubishielectric

Fx3gc Firmware by Mitsubishielectric

Fx3ge 24mr\/ds Firmware by Mitsubishielectric