1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric India
- Equipment: GC-ENET-COM
- Vulnerability: Signal Handler Race Condition
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to a communication error and may result in a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Mitsubishi Electric India Ethernet communication Extension unit GC-ENET-COM, are affected:
- Mitsubishi Electric India GC-ENET-COM: Models with the beginning serial number 16XXXXXXXXX.
3.2 VULNERABILITY OVERVIEW
3.2.1 SIGNAL HANDLER RACE CONDITION CWE-364
A vulnerability exists in the Ethernet communication Extension unit (GC-ENET-COM) of GOC35 series due to a signal handler race condition. If a malicious attacker sends a large number of specially crafted packets, communication errors could occur and could result in a denial-of-service condition when GC-ENET-COM is configured as a Modbus TCP Server.
CVE-2023-1285 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: India
3.4 RESEARCHER
Faruk Kazi and Parul Sindhwad of COE-CNDS lab, VJTI, Mumbai India, reported these vulnerabilities to Mitsubishi Electric India.
4. MITIGATIONS
Mitsubishi Electric India has released the following countermeasure/mitigation:
- The firmware of Extension unit GC-ENET-COM where the first 2 digits of the 11-digit serial number starting with “17” have been fixed. The firmware update in Extension unit GC-ENET-COM is only available from the vendor. Users should contact a local Mitsubishi Electric India representative.
Mitsubishi Electric India recommends users take the following mitigations to minimize the risk of attackers exploiting this vulnerability if the mentioned countermeasures cannot be implemented.
- Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
- Locate control system networks and remote devices behind firewalls and isolate them from the business network to restrict access from untrusted networks and hosts.
- Restrict physical access to your computer and network equipment on the same network.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability.