Security Researchers Discover Five Bugs Affecting Mitsubishi Safety PLC

Posted on August 6, 2021 at 5:42 PM

Nozomi Networks Labs reported that it found five bugs affecting Mitsubishi safety PLCs. According to the researchers, the vulnerabilities relate to MELSOFT’s communication protocol.

According to the report, the first set of bugs was disclosed in January 2021 via ICS-CERT, while the next set was revealed through the same process only recently. Mitsubishi has issued advisories for users who want to keep their systems safe, and has advised users to apply the proposed mitigations as soon as possible.

Patches not yet available for the bugs

The most worrying issue is that patches have not been made available for any of the vulnerabilities. The researchers also stated that patches for such vulnerabilities usually take too long to arrive, and that users should not wait for the updates before protecting their systems from possible attacks. Additionally, vendors are required to pass through certain certification processes before they can release patches for the bugs.

Each software update could also need a different certification method, depending on the type of regulatory framework and the device employed.

The researchers also noted that they have put detection logic in place in their threat intelligence service for users to rely on while patch development and deployment are pending.

Also, they started exploring more widely known detection methods to share with the ICS security community and asset owners.

Vulnerabilities could affect more than one vendor

The security researchers also noted that the bugs they discovered could be more potent because they can impact more than one vendor.

Although Mitsubishi has provided some mitigation procedures for the vulnerabilities, the researchers have also asked customers to be more vigilant and deploy additional security protocols to protect their systems.

However, the report did not mention all the details of the vulnerabilities. This was deliberate, to protect systems that are still safe and have not been exploited. The researchers believe that full disclosure of the vulnerability details could arm threat actors with the information they need to exploit customers’ systems.

The research team tried several methods that allowed them to gain access to the systems. They discovered that there are situations in which threat actors can carry out a successful authentication and reuse the generated session tokens.

They added that a threat actor who is able to read a privileged command can reuse the token from a different IP address. According to their findings, this is possible even if the attackers have only a few hours to operate.
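The token-reuse condition described above suggests a simple check for defenders: the same session token arriving at a PLC from more than one source IP. The sketch below is an added example, not Nozomi's detection logic or code from the report; it assumes a network sensor that can export one record per authenticated PLC command, and the record shape, field names, addresses and tokens are all constructed.

```python
from collections import namedtuple
from datetime import datetime

# Hypothetical record shape: one row per authenticated PLC command, as a
# network sensor might export it. Field names are assumptions.
Event = namedtuple("Event", "ts src_ip plc_ip token command")

def _t(hhmm):
    return datetime.strptime("2021-08-06 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample data (RFC 5737 documentation addresses, made-up tokens).
SAMPLE_EVENTS = [
    Event(_t("08:00"), "192.0.2.10", "192.0.2.50", "tok-a1", "login"),
    Event(_t("08:05"), "192.0.2.10", "192.0.2.50", "tok-a1", "write"),
    Event(_t("09:00"), "192.0.2.11", "192.0.2.51", "tok-b2", "login"),
    Event(_t("10:30"), "192.0.2.99", "192.0.2.50", "tok-a1", "write"),
    Event(_t("10:31"), "192.0.2.99", "192.0.2.50", "tok-a1", "stop"),
]

def find_token_reuse(events):
    """Flag session tokens presented to a PLC from a second source IP."""
    origin = {}       # (plc_ip, token) -> first event that used the token
    reported = set()  # (plc_ip, token, src_ip) combinations already alerted
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.plc_ip, ev.token)
        first = origin.setdefault(key, ev)
        if ev.src_ip == first.src_ip or key + (ev.src_ip,) in reported:
            continue
        reported.add(key + (ev.src_ip,))
        alerts.append({
            "plc_ip": ev.plc_ip,
            "token": ev.token,
            "original_src": first.src_ip,
            "reuse_src": ev.src_ip,
            # Age of the token when it first appeared from the new address.
            "token_age_minutes": int((ev.ts - first.ts).total_seconds() // 60),
            "first_reused_command": ev.command,
        })
    return alerts

if __name__ == "__main__":
    for alert in find_token_reuse(SAMPLE_EVENTS):
        print(alert)
```

The token age in each alert shows how long after the original authentication the second address appeared, which helps separate a workstation that changed address from reuse hours later.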

Strong protection for the PLC network required

Several attack scenarios are possible if some of the identified vulnerabilities are chained together. As a result, it’s important to understand some of these scenarios, since a majority of attacks are carried out by exploiting several bugs to reach the final goal.

After a threat actor succeeds in gaining access to a system, their next move is usually to keep other users out. The idea is to stop the user from falling back on the next available option, shutting down the system to prevent further exposure.

As a suggestion, Nozomi Networks Labs stated that asset owners need to secure the link between the PLC and the engineering workstation. Once that security is guaranteed, it will be difficult for a threat actor to gain access to the authenticated packets or to MELSOFT authentication in cleartext. This will go a long way to secure the systems and protect them from exploitation, according to the researchers.

The researchers also advised that customers should provide strong protection to the PLC to prevent a threat actor from actively exchanging authentication packets with the PLC.

Nozomi Networks has also told customers that its threat intelligence unit will keep them informed about any development regarding the vulnerabilities. They said they have to inform customers and users when any new attack is taking place. Even for non-customers, this will provide information about the general activities of the threat actors. It will help them adjust their security positions and provide more robust protection for their systems, Nozomi Networks reiterated.

Publisher: Koddos