Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
The vulnerability results from incorrect pointer scaling (CWE-468) in the implementation of network packet handling in CPU modules. The attacker sends a specially crafted network packet to the vulnerable device without needing to possess any credentials. Incorrect pointer operations can lead to writing or reading data in unexpected memory locations, which effectively enables arbitrary code execution on the CPU module.
A remote, unauthenticated attacker can execute arbitrary malicious code on a vulnerable CPU module, which in an industrial environment may result in takeover of the technological process, its disruption, or complete shutdown.
Security patches available from the manufacturer should be applied in accordance with the references β detailed update instructions are contained in the Mitsubishi Electric PSIRT guide (2023-024) and CISA advisory ICSA-24-074-14. Additionally, it is recommended to restrict network access to CPU modules through industrial network segmentation and firewall deployment.
CPU modules of the MELSEC-Q and MELSEC-L series from Mitsubishi Electric Corporation β specific versions indicated in manufacturer references (Mitsubishi Electric PSIRT security guide and CISA advisory ICSA-24-074-14).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H