Mitsubishi Electric MELSEC iQ-F Series TCP Communication Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the TCP communication function of the Mitsubishi Electric MELSEC iQ-F Series CPU module. This vulnerability allows remote attackers to disconnect an active connection by sending specially crafted TCP packets, creating a DoS condition on the affected product. Notably, this issue only impacts the connection under attack, with no effects on other active connections.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, where the targeted TCP connection is abruptly disconnected. To recover from this state, the connection must be manually re-established.

Remediation

Mitsubishi Electric has no plans to release a fixed version for this vulnerability. Instead, the company recommends using a virtual private network (VPN) to encrypt communications when Internet access is necessary, and restricting physical access to the affected products and their connected LAN.

Added: Nov 6, 2025, 8:20 AM
Updated: Nov 6, 2025, 8:20 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 7.0
remediation: 7.9
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.