Thursday, November 19, 2020

1 Advisory Published – 11-19-20

Today the CISA NCCIC-ICS published a control system security advisory for products from Mitsubishi.

Mitsubishi Advisory

This advisory describes an uncontrolled resource consumption vulnerability in the Mitsubishi MELSEC iQ-R series. The vulnerability was reported by Xiaofei.Zhang (of China ICS-CERT according to the Mitsubishi advisory). Mitsubishi has new firmware versions that mitigate the vulnerability. There is no indication that Xiaofei has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to cause a denial-of-service condition for the affected product.

NOTE 1: This is very similar to an advisory that was published last week. It is easier to understand the differences if you look at the Mitsubishi advisories. Last week’s advisory was for “MELSEC iQ-R Series CPU Modules” and today’s advisory is for “MELSEC iQ-R Series Ethernet Port”. This advisory affects a larger number of products. That explains why different products are affected in the two advisories.

NOTE 2: There is something odd about the numbering of today’s advisory, “ICSA-20-324-05”. Typically, the last two digits are the sequence number for the day’s advisories, meaning that there should be four other advisories for today. When advisories are held for public release after restricted publication on the Homeland Security Information Network (HSIN), they are given a sequence number after the publicly published documents so that they do not ‘give away’ the fact that restricted-access advisories have been published. So that is not the explanation. Looking at the three-character group before the sequence number, we see the Julian day for the advisory. Today is the 324th day of the year. Interestingly, the advisories that were published on Tuesday were also given advisory numbers starting with “ICSA-20-324-”. Apparently, a minor mistake was made on Tuesday. No big thing; I just like pointing out minor bureaucratic quirks.
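The identifier layout described in the note (ICSA, two-digit year, three-digit day of year, two-digit daily sequence) is simple enough to check mechanically when ingesting advisories into a tracking feed. The following is an added example, not code from this post or from CISA; the function names are my own, and the "day-322 on a day-324 prefix" case it flags is the Tuesday mismatch the note describes.

```python
"""Parse and sanity-check CISA ICS advisory identifiers (ICSA-YY-JJJ-NN).

Added example, not code from the blog post or from CISA. The field layout
(two-digit year, three-digit day-of-year, two-digit daily sequence number)
follows the post's description; the function names are my own.
"""
import re
from collections import defaultdict
from datetime import date, timedelta

ICSA_RE = re.compile(r"^ICSA-(\d{2})-(\d{3})-(\d{2})$")

def parse_icsa(advisory_id):
    """Split an identifier into (year, day_of_year, sequence), validating each field."""
    m = ICSA_RE.match(advisory_id)
    if not m:
        raise ValueError(f"not an ICSA identifier: {advisory_id!r}")
    year, day_of_year, sequence = 2000 + int(m[1]), int(m[2]), int(m[3])
    if not 1 <= day_of_year <= 366:
        raise ValueError(f"day-of-year out of range: {day_of_year}")
    return year, day_of_year, sequence

def encoded_date(advisory_id):
    """Return the ISO calendar date encoded by the identifier's year and day-of-year."""
    year, day_of_year, _ = parse_icsa(advisory_id)
    return (date(year, 1, 1) + timedelta(days=day_of_year - 1)).isoformat()

def check_publication(advisory_id, published_iso):
    """Return None if the encoded date matches the ISO publication date, else a
    one-line description of the mismatch (e.g. a day-324 prefix on a day-322 release)."""
    encoded = encoded_date(advisory_id)
    if encoded == published_iso:
        return None
    actual_day = date.fromisoformat(published_iso).timetuple().tm_yday
    return f"{advisory_id} encodes {encoded} but was published {published_iso} (day {actual_day})"

def missing_sequences(advisory_ids):
    """Per (year, day), list the sequence numbers below the highest seen that are absent.
    A gap is a prompt to check your feed for advisories not yet ingested; as the post
    notes, restricted-release advisories are numbered after the public ones, so they
    do not account for a gap below the highest public number."""
    seen = defaultdict(set)
    for advisory_id in advisory_ids:
        year, day_of_year, sequence = parse_icsa(advisory_id)
        seen[(year, day_of_year)].add(sequence)
    return {key: [n for n in range(1, max(seqs)) if n not in seqs]
            for key, seqs in seen.items()}
```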
