1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: Mitsubishi Electric Corporation
- Equipment: MELSEC iQ-F Series
- Vulnerability: Overly Restrictive Account Lockout Mechanism
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in a denial-of-service condition for legitimate users for a certain period by repeatedly attempting to log in with incorrect passwords. When the product repeatedly receives unauthorized logins from an attacker, legitimate users will be unable to be authenticated until a certain period has passed after the lockout or until the product is reset.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following version of MELSEC iQ-F Series is affected:
- FX5U-32MT/ES: All versions
- FX5U-32MT/DS: All versions
- FX5U-32MT/ESS: All versions
- FX5U-32MT/DSS: All versions
- FX5U-32MR/ES: All versions
- FX5U-32MR/DS: All versions
- FX5U-64MT/ES: All versions
- FX5U-64MT/DS: All versions
- FX5U-64MT/ESS: All versions
- FX5U-64MT/DSS: All versions
- FX5U-64MR/ES: All versions
- FX5U-64MR/DS: All versions
- FX5U-80MT/ES: All versions
- FX5U-80MT/DS: All versions
- FX5U-80MT/ESS: All versions
- FX5U-80MT/DSS: All versions
- FX5U-80MR/ES: All versions
- FX5U-80MR/DS: All versions
- FX5UC-32MT/D: All versions
- FX5UC-32MT/DSS: All versions
- FX5UC-64MT/D: All versions
- FX5UC-64MT/DSS: All versions
- FX5UC-96MT/D: All versions
- FX5UC-96MT/DSS: All versions
- FX5UC-32MT/DS-TS: All versions
- FX5UC-32MT/DSS-TS: All versions
- FX5UC-32MR/DS-TS: All versions
- FX5UJ-24MT/ES: All versions
- FX5UJ-24MT/DS: All versions
- FX5UJ-24MT/ESS: All versions
- FX5UJ-24MT/DSS: All versions
- FX5UJ-24MR/ES: All versions
- FX5UJ-24MR/DS: All versions
- FX5UJ-40MT/ES: All versions
- FX5UJ-40MT/DS: All versions
- FX5UJ-40MT/ESS: All versions
- FX5UJ-40MT/DSS: All versions
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: