CVE-2024-0802
📋 TL;DR
This vulnerability in Mitsubishi Electric MELSEC-Q and L Series CPU modules allows remote unauthenticated attackers to read arbitrary data or execute malicious code by sending specially crafted packets. It affects industrial control systems (ICS) used in critical infrastructure, posing severe risks to operational technology environments.
💻 Affected Systems
- Mitsubishi Electric MELSEC-Q Series CPU modules
- Mitsubishi Electric MELSEC-L Series CPU modules
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise leading to unauthorized code execution, data theft, and potential disruption of industrial processes, possibly causing physical damage or safety incidents.
Likely Case
Remote code execution enabling attackers to manipulate PLC logic, steal sensitive operational data, or disrupt manufacturing and control systems.
If Mitigated
Limited impact if systems are isolated behind firewalls and network segmentation, but risk remains if exposed.
🎯 Exploit Status
Exploitation involves sending crafted packets and requires no authentication, which makes it straightforward; the high CVSS score reflects this.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific firmware updates.
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf
Restart Required: Yes
Instructions:
1. Review the vendor advisory for affected versions.
2. Download and apply the latest firmware update from Mitsubishi Electric.
3. Restart the CPU modules to activate the patch.
4. Verify the update using version checks.
🔧 Temporary Workarounds
Network Segmentation
Isolate affected PLCs from untrusted networks to block remote access.
Firewall Rules
Implement strict firewall rules to restrict traffic to necessary ports only.
🧯 If You Can't Patch
- Deploy network-based intrusion detection systems (IDS) to monitor for malicious packets.
- Enforce physical security and access controls to prevent unauthorized network connections.
🔍 How to Verify
Check if Vulnerable:
Check the firmware version on the CPU module against the vendor advisory; if it matches affected versions, it is vulnerable.
Check Version:
Use the PLC programming software (e.g., GX Works) to read the CPU module firmware version.
Verify Fix Applied:
After patching, confirm the firmware version has been updated to a non-vulnerable release as specified by Mitsubishi Electric.
📡 Detection & Monitoring
Log Indicators:
- Unusual network traffic patterns or failed connection attempts to PLC ports.
Network Indicators:
- Anomalous packets targeting the PLC's communication protocols.
SIEM Query:
Example: 'source_ip: external AND dest_port: PLC_port AND protocol: TCP/UDP'
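The query above, worked as an added example over flow records (not code from the vendor or from this page's source). The PLC address, the trusted subnet, the port number standing in for `PLC_port`, and the sample records are all constructed assumptions; "external" is taken to mean any source outside the trusted control subnet.

```python
import ipaddress

# Assumptions (not from the advisory): replace with values from your own environment.
PLC_ADDRESSES = {ipaddress.ip_address("10.20.0.5")}    # constructed PLC address
PLC_PORTS = {50000}                                    # placeholder for PLC_port
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed control subnet

# Constructed flow records: src_ip,dst_ip,dst_port,protocol
SAMPLE_FLOWS = [
    "10.20.0.17,10.20.0.5,50000,TCP",    # engineering station, expected traffic
    "203.0.113.7,10.20.0.5,50000,UDP",   # source outside the trusted subnet
    "203.0.113.7,10.20.0.5,443,TCP",     # not a PLC port
    "192.168.50.9,10.20.0.5,50000,TCP",  # internal, but outside the control subnet
    "203.0.113.7,10.20.0.99,50000,TCP",  # destination is not a listed PLC
    "not-an-ip,10.20.0.5,50000,TCP",     # malformed record
]

def is_external(addr):
    """A source is external when it is in none of the trusted networks."""
    return not any(addr in net for net in TRUSTED_NETS)

def parse_flow(line):
    """Parse one record; raises ValueError on a bad field count, address or port."""
    src, dst, port, proto = (field.strip() for field in line.split(","))
    return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
            int(port), proto.upper())

def find_alerts(lines):
    """Return (alerts, malformed): flows matching the query and unparsable lines."""
    alerts, malformed = [], []
    for line in lines:
        try:
            src, dst, port, proto = parse_flow(line)
        except ValueError:
            malformed.append(line)  # keep for review instead of dropping silently
            continue
        if (dst in PLC_ADDRESSES and port in PLC_PORTS
                and proto in {"TCP", "UDP"} and is_external(src)):
            alerts.append((str(src), str(dst), port, proto))
    return alerts, malformed

if __name__ == "__main__":
    hits, bad = find_alerts(SAMPLE_FLOWS)
    for hit in hits:
        print("ALERT external source to PLC port:", hit)
    print("malformed records:", bad)
```

Treating sources on other internal subnets as external matches the segmentation workaround: only the control subnet is expected to reach the PLC at all.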
🔗 References
- https://jvn.jp/vu/JVNVU99690199/
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf