JVNVU#95424547
Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000

Overview

MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the TCP/IP function (IPnet) of VxWorks, a real-time OS distributed by Wind River.

Products Affected

The following products and serial numbers among MELSEC-Q series, MESEC iQ-R series C Controller Module, and MELIPC series MI5000 are affected.

[MELSEC-Q Series C Controller Module]

• Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number are 21121 or before

• R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number are 11 or before
• RD55UP06-V Ethernet port: First 2 digits of serial number are 08 or before

• MI5122-VW Ethernet port (CH1): First 2 digits of serial number are 03 or before, or the firmware version is 03 or before

Description

MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the vulnerabilities called "URGENT/11" in TCP/IP function (IPnet) of VxWorks, a real-time OS distributed by Wind River.

• Q24DHCCPU-V and Q24DHCCPU-VG
  • Buffer Error (CWE-119) - CVE-2019-12255
  • Buffer Error (CWE-119) - CVE-2019-12257
  • Session Fixation (CWE-384) - CVE-2019-12258
  • NULL Pointer Dereference (CWE-476) - CVE-2019-12259
  • Buffer Error (CWE-119) - CVE-2019-12261
  • Improper Access Control (CWE-284) - CVE-2019-12262
  • Buffer Error (CWE-119) - CVE-2019-12263
  • Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264
  • Improper Management of System Resources (CWE-399) - CVE-2019-12265


• R12CCPU-V and RD55UP06-V
  • Buffer Error (CWE-119) - CVE-2019-12256
  • Session Fixation (CWE-384) - CVE-2019-12258
  • NULL Pointer Dereference (CWE-476) - CVE-2019-12259
  • Buffer Error (CWE-119) - CVE-2019-12261
  • Improper Access Control (CWE-284) - CVE-2019-12262
  • Buffer Error (CWE-119) - CVE-2019-12263
  • Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264
  • Improper Management of System Resources (CWE-399) - CVE-2019-12265


• MI5122-VW
  • Buffer Error (CWE-119) - CVE-2019-12256
  • Session Fixation (CWE-384) - CVE-2019-12258
  • NULL Pointer Dereference (CWE-476) - CVE-2019-12259
  • Buffer Error (CWE-119) - CVE-2019-12260
  • Buffer Error (CWE-119) - CVE-2019-12261
  • Improper Access Control (CWE-284) - CVE-2019-12262
  • Buffer Error (CWE-119) - CVE-2019-12263
  • Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264
  • Improper Management of System Resources (CWE-399) - CVE-2019-12265

Impact

Receiving a TCP packet crafted by a remote attacker may cause a denial of service (DoS) condition or malware being executed.

Solution

Update the Firmware
Apply the appropriate firmware update according to the information provided by the developer.

[MELSEC-Q Series C Controller Module]

• Q24DHCCPU-V, Q24DHCCPU-VG: First 5 digits of serial number are "21122" or later

• R12CCPU-V: First 2 digits of serial number are "12" or later
• RD55UP06-V: First 2 digits of serial number are "09" or later

• MI5122-VW: First 2 digits of serial number are "04" or later, or the firmware version is "04" or later

• Restrict access to the network