
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks
2021-08-06 03:25

Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, log in to the CPU module without authorization, and even cause a denial-of-service condition.

The security weaknesses, disclosed by Nozomi Networks, concern the implementation of an authentication mechanism in the MELSEC communication protocol, which is used to communicate with the target devices by reading and writing data to the CPU module.

Anti-password Brute-force Functionality Leads to Overly Restrictive Account Lockout Mechanism - The implementation to thwart brute-force attacks not only blocks a potential attacker from using a single IP address, but it also prohibits any user from any IP address from logging in for a certain timeframe, effectively locking legitimate users out.

Troublingly, some of these flaws can be strung together as part of an exploit chain, permitting an attacker to authenticate themselves with the PLC and tamper with the safety logic, lock users out of the PLC, and worse, change the passwords of registered users, necessitating a physical shutdown of the controller to prevent any further risk.

The researchers refrained from sharing technical specifics of the vulnerabilities or the proof-of-concept code that was developed to demonstrate the attacks due to the possibility that doing so could lead to further abuse.

While Mitsubishi Electric is expected to release a fixed version of the firmware in the "near future," it has published a series of mitigations aimed at protecting operational environments and staving off a possible attack.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/D4O5b9sYOww/unpatched-security-flaws-expose.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mitsubishi 92 0 0 8 1 9