Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.
The vulnerability is caused by incorrect pointer scaling (Incorrect Pointer Scaling, CWE-468) in the processing of network packets by CPU modules. An attacker sends a specially crafted network packet that causes the pointer logic to reference incorrect memory areas. As a result, both reading arbitrary data from device memory and executing malicious code in its context are possible.
An attacker can read any information stored in the target CPU module or execute malicious code on it, which may lead to complete takeover of the industrial controller and disruption of production processes.
Patches available from the manufacturer should be applied in accordance with the references (Mitsubishi Electric Security Advisory 2023-024 and CISA advisory ICSA-24-074-14). Additionally, it is recommended to restrict network access to CPU modules only to authorized hosts through the use of firewalls and OT/IT network segmentation.
MELSEC-Q and MELSEC-L series CPU modules from Mitsubishi Electric Corporation β specific firmware versions indicated in the manufacturer's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H