Mitsubishi Electric MELSEC-Q03UDVCPU
cpe:2.3:h:mitsubishielectric:melsec_q-q03udvcpu:*:*:*:*:*:*:*
- >= 24082, <= 27081
A denial-of-service vulnerability has been identified in certain Mitsubishi Electric MELSEC-Q Series CPU modules. This issue arises from improper handling of length parameter inconsistencies, allowing remote attackers to cause integer underflows. The vulnerability is present in the Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU models, specifically those with serial numbers ranging from '24082' to '27081'. When the user authentication function is enabled, attackers can send specially crafted packets that disrupt Ethernet communication and halt the execution of control programs on the affected CPU units. Recovery from this disruption requires a system reset.
Exploitation of this vulnerability causes a denial-of-service condition by stopping Ethernet communication and interrupting the execution of control programs on the affected CPU module. A system reset is necessary to restore normal operation.
Users are advised to migrate to the MELSEC iQ-R Series, which is not affected by this vulnerability. For those using the Q03/04/06/13/26UDVCPU or Q04/06/13/26UDPVCPU models, the vulnerability can be addressed by updating to a version with a serial number '27082' or later. Additionally, Mitsubishi Electric recommends using firewalls or VPNs to prevent unauthorized access, restricting physical access to affected products, and blocking access from untrusted networks.