CrowdStrike Update Causes BSOD Issues Globally – Audit Available 🛡️ Learn more

TRY NOW
Vulnerability

Mitsubishi Patches Severe Vulnerability in MELFA SD/SQ and F-series Controllers

2 min. read
30/01/2023
By Laura Libeer
Mitsubishi-Vulnerability-Blog_Image_Base_Featured

⚡ TL;DR | Go Straight to the Mitsubishi Vulnerability Report

The Mitsubishi Electric Corporation has released a firmware update to address a severe vulnerability that affects their robot controllers of the MELFA SD/SQ Series and the MELFA F-Series. An attacker could use the vulnerability to perform an unauthorized telnet login and gain access to the controller.

CVE-2022-33323

The vulnerability tracked as CVE-2022-33323 is an authentication bypass vulnerability and is due to an active debug code in the Mitsubishi Electric MELFA SD/SQ series and F-series controllers for industrial robots. It received a CVSS v3 base score of 7.5. An attacker could use this vulnerability to perform an unauthorized telnet login, which would grant them unauthorized access to a robot controller. You can find all details in Mitsubishi’s advisory.

Update Vulnerable Mitsubishi Robot Controllers

Mitsubishi has provided a list of all affected products and the vulnerable versions, as well as a list of all fixed versions. In order to protect yourself against the vulnerability described above, you should update your firmware to the fixed version as soon as possible. To obtain these, you should contact your local Mitsubishi Electric representative. The firmware version you need depends on your model and controller type. Check Mitsubishi’s advisory for detailed information.

Mitsubishi vulnerability CVE-2022-33323 affected products

Mitsubishi also advises that you take the following mitigation measures to avoid exploitation of the vulnerability:

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls

Discover Vulnerable Devices

Based on the list of affected models shared by Mitsubishi, our team has created a special Lansweeper report that will provide a list of all devices in your environment that could be affected by this vulnerability. This way you have an actionable list of devices that might require a patch.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.