CVE-2024-1917

9.8 CRITICAL

📋 TL;DR

An integer overflow vulnerability in Mitsubishi Electric MELSEC-Q and MELSEC-L Series CPU modules allows remote unauthenticated attackers to execute arbitrary code by sending specially crafted packets. This affects industrial control systems using these programmable logic controllers, potentially compromising critical infrastructure operations.

💻 Affected Systems

Products:
  • Mitsubishi Electric MELSEC-Q Series CPU modules
  • Mitsubishi Electric MELSEC-L Series CPU modules
Versions: All versions prior to the security updates
Operating Systems: Embedded firmware on PLCs
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the CPU modules directly; vulnerability is in the firmware processing network packets. Systems using these PLCs in industrial environments are affected regardless of network configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to manipulate industrial processes, cause physical damage, disrupt operations, and potentially endanger human safety in critical infrastructure environments.

🟠 Likely Case

Remote code execution leading to unauthorized control of industrial processes, data theft, operational disruption, and lateral movement within OT networks.

🟢 If Mitigated

Limited impact if systems are air-gapped, behind firewalls with strict network segmentation, and have proper intrusion detection systems monitoring for anomalous traffic.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote unauthenticated exploitation via network packets makes this highly dangerous. No public proof-of-concept has been released, but the vulnerability details are public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Mitsubishi Electric security advisory for specific firmware versions

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

Restart Required: Yes

Instructions:

  1. Download firmware updates from Mitsubishi Electric support portal.
  2. Backup current configuration and programs.
  3. Apply firmware update following vendor instructions.
  4. Restart PLC.
  5. Verify firmware version and functionality.

🔧 Temporary Workarounds

Network Segmentation and Firewall Rules

all

Restrict network access to PLCs using firewalls and network segmentation

Disable Unnecessary Network Services

all

Disable any unnecessary network protocols and services on the PLCs

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PLCs from untrusted networks
  • Deploy intrusion detection systems to monitor for anomalous traffic patterns to PLCs

🔍 How to Verify

Check if Vulnerable:

Check firmware version against Mitsubishi Electric's advisory. Systems running affected MELSEC-Q/L Series CPU modules are vulnerable.

Check Version:

Use Mitsubishi Electric programming software (GX Works2/GX Works3) to read the CPU module firmware version.

Verify Fix Applied:

Verify that the firmware version has been updated to the patched version specified in the vendor advisory. Test PLC functionality after the update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual network traffic to PLC ports
  • Multiple connection attempts to PLC network services
  • PLC error logs showing communication anomalies

Network Indicators:

  • Malformed packets sent to PLC network ports
  • Traffic from unexpected sources to industrial control systems
  • Protocol violations in industrial communication

SIEM Query:

source_ip NOT IN (trusted_ips) AND dest_port IN (plc_ports) AND protocol IN (industrial_protocols)
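
The query above as runnable detection logic, given here as an added example that is not part of the original page or any vendor tooling: it flags flows to PLC ports from sources outside an allowlist and counts repeated attempts per source/PLC pair. The subnets, ports, threshold and flow-record format are constructed assumptions; substitute values from your own asset inventory.

```python
import ipaddress
from collections import Counter

# Assumed values, not taken from the advisory: replace with your asset inventory.
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]  # engineering stations
PLC_HOSTS = ipaddress.ip_network("10.20.5.0/24")          # PLC subnet
PLC_PORTS = {("tcp", 5007), ("udp", 5006)}                # placeholder ports
BURST_THRESHOLD = 3  # attempts from one source to one PLC worth escalating

# Constructed flow records: timestamp src dst proto dport
SAMPLE_FLOWS = """\
2024-05-01T08:00:01Z 10.20.0.5 10.20.5.10 tcp 5007
2024-05-01T08:00:09Z 10.30.7.44 10.20.5.10 tcp 5007
2024-05-01T08:00:10Z 10.30.7.44 10.20.5.10 tcp 5007
2024-05-01T08:00:11Z 10.30.7.44 10.20.5.10 udp 5006
2024-05-01T08:00:15Z 10.30.7.44 10.20.9.1 tcp 443
2024-05-01T08:01:00Z 10.40.1.2 10.20.5.11 tcp 5007
"""

def parse_flow(line):
    ts, src, dst, proto, dport = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(dport)

def detect(flow_text):
    """Return (alerts, bursts) for flows matching the allowlist rule."""
    alerts, attempts = [], Counter()
    for line in flow_text.splitlines():
        try:
            ts, src, dst, proto, dport = parse_flow(line)
        except ValueError:
            continue  # blank or malformed record: skip rather than crash
        # dest_port IN (plc_ports) AND protocol IN (industrial_protocols)
        if dst not in PLC_HOSTS or (proto, dport) not in PLC_PORTS:
            continue
        # source_ip NOT IN (trusted_ips)
        if any(src in net for net in TRUSTED_SOURCES):
            continue
        alerts.append((ts, str(src), str(dst), proto, dport))
        attempts[(str(src), str(dst))] += 1
    bursts = {pair: n for pair, n in attempts.items() if n >= BURST_THRESHOLD}
    return alerts, bursts

if __name__ == "__main__":
    alerts, bursts = detect(SAMPLE_FLOWS)
    for alert in alerts:
        print("ALERT untrusted source to PLC port:", *alert)
    for (src, dst), n in bursts.items():
        print(f"ESCALATE {src} -> {dst}: {n} attempts")
```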
