csaf_cisa - icsa-24-200-01

icsa-24-200-01

Vulnerability from csaf_cisa

Published

2024-07-18 06:00

Modified

2024-07-18 06:00

Summary

Mitsubishi Electric MELSOFT MaiLab

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.

JSON

To clipboard

{
   document: {
      acknowledgments: [
         {
            organization: "Mitsubishi Electric",
            summary: "reporting these vulnerabilities to CISA",
         },
      ],
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Disclosure is not limited",
         tlp: {
            label: "WHITE",
            url: "https://us-cert.cisa.gov/tlp/",
         },
      },
      lang: "en-US",
      notes: [
         {
            category: "legal_disclaimer",
            text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
            title: "Legal Notice",
         },
         {
            category: "summary",
            text: "Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product.",
            title: "Risk evaluation",
         },
         {
            category: "other",
            text: "Critical Manufacturing",
            title: "Critical infrastructure sectors",
         },
         {
            category: "other",
            text: "Worldwide",
            title: "Countries/areas deployed",
         },
         {
            category: "other",
            text: "Japan",
            title: "Company headquarters location",
         },
         {
            category: "general",
            text: "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
            title: "Recommended Practices",
         },
         {
            category: "general",
            text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
            title: "Recommended Practices",
         },
         {
            category: "general",
            text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
            title: "Recommended Practices",
         },
         {
            category: "general",
            text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
            title: "Recommended Practices",
         },
         {
            category: "general",
            text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
            title: "Recommended Practices",
         },
         {
            category: "general",
            text: "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.",
            title: "Recommended Practices",
         },
      ],
      publisher: {
         category: "coordinator",
         contact_details: "central@cisa.dhs.gov",
         name: "CISA",
         namespace: "https://www.cisa.gov/",
      },
      references: [
         {
            category: "self",
            summary: "ICS Advisory ICSA-24-200-01 JSON",
            url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-200-01.json",
         },
         {
            category: "self",
            summary: "ICSA Advisory ICSA-24-200-01 - Web Version",
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/topics/industrial-control-systems",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/ncas/tips/ST04-014",
         },
      ],
      title: "Mitsubishi Electric MELSOFT MaiLab",
      tracking: {
         current_release_date: "2024-07-18T06:00:00.000000Z",
         generator: {
            engine: {
               name: "CISA CSAF Generator",
               version: "1.0.0",
            },
         },
         id: "ICSA-24-200-01",
         initial_release_date: "2024-07-18T06:00:00.000000Z",
         revision_history: [
            {
               date: "2024-07-18T06:00:00.000000Z",
               legacy_version: "Initial",
               number: "1",
               summary: "Initial Publication",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: ">=1.00A|<1.05F",
                        product: {
                           name: "Mitsubishi Electric Corporation MELSOFT MaiLab SW1DND-MAILAB-M: >=1.00A|<1.05F",
                           product_id: "CSAFPID-0001",
                        },
                     },
                  ],
                  category: "product_name",
                  name: "MELSOFT MaiLab SW1DND-MAILAB-M",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: ">=1.00A|<1.05F",
                        product: {
                           name: "Mitsubishi Electric Corporation MELSOFT MaiLab SW1DND-MAILABPR-M: >=1.00A|<1.05F",
                           product_id: "CSAFPID-0002",
                        },
                     },
                  ],
                  category: "product_name",
                  name: "MELSOFT MaiLab SW1DND-MAILABPR-M",
               },
            ],
            category: "vendor",
            name: "Mitsubishi Electric Corporation",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-4807",
         cwe: {
            id: "CWE-347",
            name: "Improper Verification of Cryptographic Signature",
         },
         notes: [
            {
               category: "summary",
               text: "A denial-of-service vulnerability exists in the OpenSSL library used in MELSOFT MaiLab due to improper verification of cryptographic signature resulting from improper implementation of the POLY1305 message authentication code (MAC).",
               title: "Vulnerability Summary",
            },
         ],
         product_status: {
            known_affected: [
               "CSAFPID-0001",
               "CSAFPID-0002",
            ],
         },
         references: [
            {
               category: "external",
               summary: "web.nvd.nist.gov",
               url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4807",
            },
            {
               category: "external",
               summary: "www.first.org",
               url: "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            },
            {
               category: "external",
               summary: "www.first.org",
               url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            },
         ],
         remediations: [
            {
               category: "mitigation",
               details: "Mitsubishi Electric recommends users install the fixed version (ver.1.06G or later) and update the software.  For information about how to install the fixed version, please contact your local Mitsubishi Electric representative.",
               product_ids: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
            },
            {
               category: "mitigation",
               details: "Mitsubishi Electric recommends that users take the following mitigations to minimize the risk of exploiting this vulnerability:",
               product_ids: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
            },
            {
               category: "mitigation",
               details: "When internet access is required, use a firewall or a virtual private network (VPN) to prevent unauthorized access.",
               product_ids: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
            },
            {
               category: "mitigation",
               details: "Use the products within a control system, and protect the network and devices in the control system with a firewall to block access from untrusted networks and hosts.",
               product_ids: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
            },
            {
               category: "mitigation",
               details: "Restrict physical access to the PC on which the product is installed and the network to which the PC is connected to prevent unauthorized access.",
               product_ids: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
            },
            {
               category: "mitigation",
               details: "Do not click on web links in emails or other messages from untrusted sources. Also, do not open attachments from untrusted emails.",
               product_ids: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
            },
            {
               category: "mitigation",
               details: "For specific update instructions and additional details see the Mitsubishi Electric advisory.",
               product_ids: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
               url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-005_en.pdf",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "CSAFPID-0001",
                  "CSAFPID-0002",
               ],
            },
         ],
      },
   ],
}

cve-2023-4807

Vulnerability from cvelistv5

Published

2023-09-08 11:01

Modified

2024-10-14 14:55

Severity ?

Summary

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20230908.txt	vendor-advisory
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5	patch
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508	patch
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff	patch

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: 3.1.0 ≤ Version: 3.0.0 ≤ Version: 1.1.1 < 1.1.1w

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:38:00.793Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "OpenSSL Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20230908.txt",
               },
               {
                  name: "3.1.3 git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5",
               },
               {
                  name: "3.0.11 git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508",
               },
               {
                  name: "1.1.1w git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230921-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "OpenSSL",
               vendor: "OpenSSL",
               versions: [
                  {
                     lessThan: "3.1.3",
                     status: "affected",
                     version: "3.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "3.0.11",
                     status: "affected",
                     version: "3.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "1.1.1w",
                     status: "affected",
                     version: "1.1.1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Zach Wilson",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Bernd Edlinger",
            },
         ],
         datePublic: "2023-09-08T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Issue summary: The POLY1305 MAC (message authentication code) implementation<br>contains a bug that might corrupt the internal state of applications on the<br>Windows 64 platform when running on newer X86_64 processors supporting the<br>AVX512-IFMA instructions.<br><br>Impact summary: If in an application that uses the OpenSSL library an attacker<br>can influence whether the POLY1305 MAC algorithm is used, the application<br>state might be corrupted with various application dependent consequences.<br><br>The POLY1305 MAC (message authentication code) implementation in OpenSSL does<br>not save the contents of non-volatile XMM registers on Windows 64 platform<br>when calculating the MAC of data larger than 64 bytes. Before returning to<br>the caller all the XMM registers are set to zero rather than restoring their<br>previous content. The vulnerable code is used only on newer x86_64 processors<br>supporting the AVX512-IFMA instructions.<br><br>The consequences of this kind of internal application state corruption can<br>be various - from no consequences, if the calling application does not<br>depend on the contents of non-volatile XMM registers at all, to the worst<br>consequences, where the attacker could get complete control of the application<br>process. However given the contents of the registers are just zeroized so<br>the attacker cannot put arbitrary values inside, the most likely consequence,<br>if any, would be an incorrect result of some application dependent<br>calculations or a crash leading to a denial of service.<br><br>The POLY1305 MAC algorithm is most frequently used as part of the<br>CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)<br>algorithm. The most common usage of this AEAD cipher is with TLS protocol<br>versions 1.2 and 1.3 and a malicious client can influence whether this AEAD<br>cipher is used by the server. This implies that server applications using<br>OpenSSL can be potentially impacted. However we are currently not aware of<br>any concrete application that would be affected by this issue therefore we<br>consider this a Low severity security issue.<br><br>As a workaround the AVX512-IFMA instructions support can be disabled at<br>runtime by setting the environment variable OPENSSL_ia32cap:<br><br>   OPENSSL_ia32cap=:~0x200000<br><br>The FIPS provider is not affected by this issue.",
                  },
               ],
               value: "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n   OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue.",
            },
         ],
         metrics: [
            {
               format: "other",
               other: {
                  content: {
                     text: "Low",
                  },
                  type: "https://www.openssl.org/policies/secpolicy.html",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-440",
                     description: "CWE-440 Expected Behavior Violation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-10-14T14:55:50.502Z",
            orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            shortName: "openssl",
         },
         references: [
            {
               name: "OpenSSL Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.openssl.org/news/secadv/20230908.txt",
            },
            {
               name: "3.1.3 git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5",
            },
            {
               name: "3.0.11 git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508",
            },
            {
               name: "1.1.1w git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "POLY1305 MAC implementation corrupts XMM registers on Windows",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
      assignerShortName: "openssl",
      cveId: "CVE-2023-4807",
      datePublished: "2023-09-08T11:01:53.663Z",
      dateReserved: "2023-09-06T16:32:29.871Z",
      dateUpdated: "2024-10-14T14:55:50.502Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

icsa-24-200-01

Vulnerability from csaf_cisa

cve-2023-4807

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature