Vulnerability in Mitsubishi Controllers Can Allow Hackers to Disrupt Production

A potentially serious denial-of-service vulnerability affecting some Mitsubishi Electric automation controllers can allow hackers to disrupt the production process in an industrial organization, experts have warned.
The flaw, discovered by a researcher at industrial cybersecurity firm SCADAfence and reported to Mitsubishi in late February, was described by the vendor as an uncontrolled resource consumption issue that allows an attacker to cause the Ethernet port to enter a DoS condition by sending it specially crafted packets, in bursts, over a short period of time.
The vulnerability affects Mitsubishi's MELSEC iQ-R series CPU modules, including R00, R04 and R08, and the RJ71EN71 Ethernet interface module.
The affected products include safety controllers, high-speed motion controllers used in robotics and other motion-oriented applications, and process CPUs that can be used to monitor and control physical processes in sectors such as critical infrastructure and manufacturing.
"This vulnerability is dangerous to industrial environments, because unlike other DoS attacks, it doesn't only crash the network interface controller. We're also talking about crashing the main CPU, which stops the entire production process and loses the current state of operation," Shaked explained.
Related vendor
VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
Mitsubishi | | 92 | 0 | 0 | 8 | 1 | 9 |