CVE-2024-8403
📋 TL;DR
A remote attacker can send specially crafted SLMP packets to Mitsubishi Electric MELSEC iQ-F Series FX5-ENET and FX5-ENET/IP devices, causing denial of service in Ethernet communication. This affects industrial control systems using these programmable logic controller communication modules. The vulnerability requires network access to the affected devices.
💻 Affected Systems
- Mitsubishi Electric MELSEC iQ-F Series FX5-ENET
- Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete disruption of Ethernet communication on affected PLC modules, halting industrial processes and causing production downtime.
Likely Case
Temporary loss of network connectivity to PLCs, disrupting monitoring and control functions until device restart.
If Mitigated
Limited impact with proper network segmentation and monitoring, allowing quick detection and isolation of attack traffic.
🎯 Exploit Status
Exploitation requires network access to the device but no authentication. SLMP protocol knowledge needed to craft malicious packets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: FX5-ENET/IP: version 1.105 or later
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-009_en.pdf
Restart Required: Yes
Instructions:
1. Download firmware update from Mitsubishi Electric website. 2. Connect to device via programming software. 3. Upload new firmware. 4. Restart device.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected devices in separate network segments with strict firewall rules.
Access Control Lists
allImplement ACLs to restrict SLMP traffic to trusted sources only.
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to affected devices
- Monitor network traffic for anomalous SLMP packets and implement intrusion detection
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via Mitsubishi Electric programming software (GX Works3).Check Version:
Use GX Works3 software to read device information and check firmware version.Verify Fix Applied:
Verify firmware version is updated to patched version and test Ethernet communication functionality.📡 Detection & Monitoring
Log Indicators:
- Unusual SLMP packet patterns
- Ethernet communication errors
- Device restart logs
Network Indicators:
- Malformed SLMP packets
- High volume of SLMP traffic from single source
- TCP/UDP port 5006/5007 anomalies
SIEM Query:
source_port:5006 OR source_port:5007 AND (packet_size:>1500 OR protocol_anomaly:true)