Denegació de servei de dispositius Mitsubishi Electric MELSEC iQ-F
01/03/2024
CVE-2023-7033
MITJÀ: (5,3)
CVSS3: 4,6
Els dispositius Mitsubishi Electric MELSEC iQ-F són vulnerables a una denegació de servei, causada per un conjunt de recursos insuficient. En dur a terme un atac TCP SYN Flood, un atacant remot podria explotar aquesta vulnerabilitat per provocar una denegació de servei.
Sistemes Afectats
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/D all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/D all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/D all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/DS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/DSS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES-A all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES-A all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES-A all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES-A all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES-A all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES-A all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MR/ES all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ESS all versions
- Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ESS all versions
Remediació
Consulteu MITSUBISHI ELECTRIC PSIRT 2023-023_en per obtenir informació sobre el pedaç, l’actualització o la solució alternativa. Vegeu-ne les Referències.
Referències
- Denial-of-Service Vulnerability in Ethernet function of multiple FA products
- Denial of Service (DoS) vulnerability in the Ethernet function of multiple Mitsubishi Electric FA products
- Mitsubishi Electric Multiple Factory Automation Products
- Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.
