6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.7 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.9%
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500494);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/25");
script_cve_id("CVE-2021-20598");
script_name(english:"Mitsubishi Electric MELSEC iQ-R Series Overly Restrictive Account Lockout Mechanism (CVE-2021-20598)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules
(R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout
a legitimate user by continuously trying login with incorrect password.
This plugin only works with Tenable.ot. Please
visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU98578731/index.html");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-250-01");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-010_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ae413cb");
script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Users of the affected products and versions may take measures through mitigations and workarounds. Mitsubishi Electric
has released the fixed versions for CVE-2021-20594 and CVE-2021-20597 as shown below, but updating the product to the
fixed version is not available.
- MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU:Firmware versions "27" or later
- MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU:Firmware versions "12" or later
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting these
vulnerabilities:
- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Use the IP filter function to restrict the accessible IP addresses. MELSEC iQ-R Ethernet User\'s Manual (Application)
1.13 Security "IP filter"
- Register user information or change the password via USB. If you have already registered user information or changed
the user\'s password via the network, change the password once via USB. This mitigation is applicable to CVE-2021-20597
Additional information about these vulnerabilities or Mitsubishi Electric\'s compensating control is available by
contacting a Mitsubishi Electric representative.
Users should refer to Mitsubishi Electric advisories 2021-008,2021-009, and 2021-010 for further details.');
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20598");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(287);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/06");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r08sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r16sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r32sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r120sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r08psfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r16psfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r32psfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r120psfcpu_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:r08sfcpu_firmware" :
{"family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r16sfcpu_firmware" :
{"family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r32sfcpu_firmware" :
{"family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r120sfcpu_firmware" :
{"family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r08psfcpu_firmware" :
{"family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r16psfcpu_firmware" :
{"family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r32psfcpu_firmware" :
{"family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r120psfcpu_firmware" :
{"family" : "MELSECiQR"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
mitsubishielectric | r08sfcpu_firmware | cpe:/o:mitsubishielectric:r08sfcpu_firmware | |
mitsubishielectric | r16sfcpu_firmware | cpe:/o:mitsubishielectric:r16sfcpu_firmware | |
mitsubishielectric | r32sfcpu_firmware | cpe:/o:mitsubishielectric:r32sfcpu_firmware | |
mitsubishielectric | r120sfcpu_firmware | cpe:/o:mitsubishielectric:r120sfcpu_firmware | |
mitsubishielectric | r08psfcpu_firmware | cpe:/o:mitsubishielectric:r08psfcpu_firmware | |
mitsubishielectric | r16psfcpu_firmware | cpe:/o:mitsubishielectric:r16psfcpu_firmware | |
mitsubishielectric | r32psfcpu_firmware | cpe:/o:mitsubishielectric:r32psfcpu_firmware | |
mitsubishielectric | r120psfcpu_firmware | cpe:/o:mitsubishielectric:r120psfcpu_firmware |
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.7 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.9%