Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the MELSEC iQ-F Series FX5-EIP EtherNet/IP Module, affecting all versions. This vulnerability allows a remote attacker to disrupt the normal functioning of the module by continuously sending UDP packets, which exhausts the receive buffer and causes a DoS condition. Recovery requires a system reset.
Impact
Exploitation of this vulnerability leads to uncontrolled consumption of the receive buffer, causing a denial-of-service condition that requires a system reset for recovery.
Remediation
Users of the MELSEC iQ-F Series FX5-EIP EtherNet/IP Module should await the release of a fixed version, which is scheduled for the near future. In the meantime, apply the mitigations or workarounds described in the 'Mitigations/Workarounds' section of the Mitsubishi Electric vulnerability advisory.
