CVE-2024-3904
📋 TL;DR
This vulnerability allows local attackers to execute arbitrary code on Mitsubishi Electric MELIPC Series MI5122-VW devices by placing malicious files in a folder with incorrect default permissions. Attackers can compromise the device to steal, modify, or destroy data, or cause denial-of-service conditions. Only organizations using these specific industrial control system devices are affected.
💻 Affected Systems
- Mitsubishi Electric MELIPC Series MI5122-VW with Smart Device Communication Gateway
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to disrupt industrial processes, steal sensitive operational data, or cause physical damage through manipulated control systems.
Likely Case
Local privilege escalation leading to unauthorized access to device functions, data exfiltration, or service disruption affecting industrial operations.
If Mitigated
Limited impact if devices are properly segmented, have strict access controls, and are monitored for unauthorized file creation.
🎯 Exploit Status
Exploitation requires local access to the device. The vulnerability is in default permissions, making exploitation straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version 08 or later
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf
Restart Required: Yes
Instructions:
1. Download firmware version 08 or later from Mitsubishi Electric support portal. 2. Follow vendor's firmware update procedure for MELIPC MI5122-VW devices. 3. Verify successful update and restart device.
🔧 Temporary Workarounds
Restrict local access
allImplement strict physical and logical access controls to prevent unauthorized local access to devices.
Monitor file system changes
allImplement file integrity monitoring on the specific folder mentioned in the advisory.
🧯 If You Can't Patch
- Implement network segmentation to isolate affected devices from critical networks
- Enable strict access controls and audit all local access to devices
🔍 How to Verify
Check if Vulnerable:
Check firmware version on MELIPC MI5122-VW device. If version is between 05 and 07 inclusive, device is vulnerable.Check Version:
Check device firmware version through MELIPC configuration interface or vendor documentationVerify Fix Applied:
Verify firmware version is 08 or later after applying update.📡 Detection & Monitoring
Log Indicators:
- Unauthorized file creation in specific folder paths
- Unexpected process execution from unusual locations
- Failed access attempts to restricted folders
Network Indicators:
- Unusual outbound connections from industrial control devices
- Anomalous traffic patterns from MELIPC devices
SIEM Query:
source="melipc_logs" AND (event="file_creation" AND path="*/vulnerable_folder/*") OR (event="process_execution" AND parent_process="unusual")🔗 References
- https://jvn.jp/vu/JVNVU91215350/index.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf
- https://jvn.jp/vu/JVNVU91215350/index.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf
