Today the CISA NCCIC-ICS published a control system security advisory for products from Mitsubishi.
Mitsubishi Advisory
This advisory describes an uncontrolled resource consumption vulnerability in the Mitsubishi MELSEC iQ-R series. The vulnerability was reported by Xiaofei.Zhang (of China ICS-CERT according to the Mitsubishi advisory). Mitsubishi has new firmware versions that mitigate the vulnerability. There is no indication that Xiaofei has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to cause a denial-of-service condition for the affected product.
NOTE 1: This is very similar to an advisory that was published last week. It is easier to understand the differences if you look at the Mitsubishi advisories. Last week’s advisory was for “MELSEC iQ-R Series CPU Modules” and today’s advisory is for “MELSEC iQ-R Series Ethernet Port”. Today’s advisory covers a larger set of products, which explains why the two advisories list different affected products.
NOTE 2: Something odd about the numbering of today’s advisory: “ICSA-20-324-05”. Typically, the last two digits are the sequence number for the day’s advisories, meaning that there should be four other advisories for today. When advisories are held for public release after restricted publication on the Homeland Security Information Network (HSIN), they are given sequence numbers after the publicly published documents so that they do not ‘give away’ the fact that restricted-access advisories have been published; a held-back advisory therefore would not leave a gap below this one, so that is not the explanation. The three-character group before the sequence number is the ordinal day of the year (often loosely called the Julian day). Today is the 324th day of the year. Interestingly, the advisories that were published on Tuesday were also given advisory numbers starting with “ICSA-20-324-”. Apparently, a minor mistake was made on Tuesday. No big thing, I just like pointing out minor bureaucratic quirks.
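For anyone tracking these advisories in a script, here is an added example (mine, not code from the post or from CISA) that decodes an ICSA identifier using the layout described above, ICSA-<two-digit year>-<day of year>-<sequence number>, converts the ordinal day to a calendar date, checks it against the day an advisory actually appeared, and reports any sequence numbers missing from a day’s batch. The layout and the 2000-based two-digit year are assumptions taken from the note, not an official CISA specification, and the sample identifiers fed to it below are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Iterable, List

# Assumed layout, as described in the note above (not an official CISA spec):
# ICSA-<two-digit year>-<three-digit day of year>-<two-digit sequence number>
_ICSA_RE = re.compile(r"^ICSA-(\d{2})-(\d{3})-(\d{2})$")


@dataclass(frozen=True)
class IcsaId:
    year: int
    day_of_year: int
    sequence: int

    @property
    def published(self) -> date:
        """Calendar date encoded by the year and ordinal day."""
        return date(self.year, 1, 1) + timedelta(days=self.day_of_year - 1)


def parse_icsa_id(advisory_id: str) -> IcsaId:
    """Split an identifier into its fields, rejecting impossible values."""
    m = _ICSA_RE.match(advisory_id.strip())
    if not m:
        raise ValueError(f"not an ICSA identifier: {advisory_id!r}")
    yy, doy, seq = (int(g) for g in m.groups())
    year = 2000 + yy  # assumption: two-digit years are 2000-based
    # Day 366 only exists in a leap year, so bound the ordinal day by the
    # actual length of that year rather than a fixed 365/366.
    days_in_year = (date(year, 12, 31) - date(year, 1, 1)).days + 1
    if not 1 <= doy <= days_in_year:
        raise ValueError(f"day {doy} does not exist in {year}")
    if seq < 1:
        raise ValueError("sequence numbers start at 01")
    return IcsaId(year, doy, seq)


def is_valid_icsa_id(advisory_id: str) -> bool:
    """Convenience wrapper: True when the identifier parses cleanly."""
    try:
        parse_icsa_id(advisory_id)
    except ValueError:
        return False
    return True


def id_matches_date(advisory_id: str, actual_iso_date: str) -> bool:
    """True when the ordinal day in the identifier is the given publication date."""
    return parse_icsa_id(advisory_id).published == date.fromisoformat(actual_iso_date)


def missing_sequence_numbers(advisory_ids: Iterable[str]) -> List[int]:
    """Sequence numbers absent below the highest one seen in a single day's batch.

    All identifiers must share the same year and day; otherwise they are not
    one batch and a ValueError is raised.
    """
    parsed = [parse_icsa_id(i) for i in advisory_ids]
    if not parsed:
        return []
    days = {(p.year, p.day_of_year) for p in parsed}
    if len(days) != 1:
        raise ValueError(f"identifiers span more than one day: {sorted(days)}")
    seen = {p.sequence for p in parsed}
    return [n for n in range(1, max(seen)) if n not in seen]


if __name__ == "__main__":
    # Constructed inputs: today's identifier from the note, and a Tuesday
    # identifier carrying the same day-of-year group the note complains about.
    today = parse_icsa_id("ICSA-20-324-05")
    print(today, today.published.isoformat())          # 2020-11-19
    print(id_matches_date("ICSA-20-324-01", "2020-11-17"))  # False: wrong day
    print(missing_sequence_numbers(["ICSA-20-324-05"]))     # [1, 2, 3, 4]
```

The day-of-year check is the useful part: an identifier whose ordinal day does not match the date you pulled the advisory is exactly the kind of clerical slip the note describes, and the gap report shows which sequence numbers you have not seen for that day.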