Flaw Exposes Mitsubishi PLCs to Remote DoS Attacks (SecurityWeek)

Researchers discovered that some programmable logic controllers (PLCs) made by Japanese electrical equipment maker Mitsubishi Electric are affected by a serious denial-of-service (DoS) vulnerability.


The impacted devices are Mitsubishi Electric MELSEC-Q series PLCs, specifically QJ71E71-100 Ethernet interface modules with the serial number 20121 and prior. These PLCs are used worldwide in manufacturing facilities.


Researchers at industrial cybersecurity firm Nozomi Networks discovered that the PLCs are affected by a DoS vulnerability that can be exploited remotely by sending specially crafted TCP packets to the target’s FTP service.


“Successful exploitation of the vulnerability could allow a remote attacker to render the PLC’s state in fault mode, requiring a cold restart for recovering the system and/or doing privilege escalation or executing arbitrary code in the context of the affected system of the workstation engineering software,” Moreno Carullo, Nozomi Networks co-founder and CTO, told SecurityWeek.


While in theory the flaw can be exploited remotely from the internet, Nozomi told SecurityWeek that it has not found any internet-exposed Q-series device using common services such as Shodan, ZoomEye and FOFA Pro.


The flaw is tracked as CVE-2019-10977 and has been classified as “high severity” with a CVSS score of 7.5. DoS vulnerabilities are known to pose a greater risk in industrial environments than in typical IT environments.


Mitsubishi Electric has addressed the vulnerability with the release of firmware version 20122 for the QJ71E71-100 Et ..