Denial of Service vulnerability in MELSEC iQ-F Series FX5-ENET
CVE-2024-8403

7.5HIGH

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Melsec Iq-f Series Fx5-enet
Melsec Iq-f Series Fx5-enet/ip
Vendor
CVE Published:
19 November 2024

Summary

An input validation flaw exists in the MELSEC iQ-F Series FX5-ENET and FX5-ENET/IP products, which can be exploited to launch a Denial of Service (DoS) attack. By sending specially crafted SLMP packets to the affected devices, a remote attacker can disrupt Ethernet communication, rendering the products inoperable. This vulnerability underscores the importance of robust input validation processes in networked environments, particularly in industrial control systems.

Affected Version(s)

MELSEC iQ-F Series FX5-ENET 1.100 and later

MELSEC iQ-F Series FX5-ENET/IP 1.100 to 1.104

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU97790713/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-3...
government-resource

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.