CVE-2025-7731

Mitsubishi · Mitsubishi Electric Multiple Products

A high-severity vulnerability exists in multiple Mitsubishi Electric industrial control products: affected devices transmit sensitive credential information in cleartext over the network.

Executive summary

A high-severity vulnerability exists in multiple Mitsubishi Electric industrial control products: affected devices transmit sensitive credential information in cleartext over the network. An attacker on the same network could intercept this information and use it to gain unauthorized control of the device, allowing them to manipulate or halt industrial processes and posing a significant risk to operational continuity and safety.

Vulnerability

The vulnerability, classified as Cleartext Transmission of Sensitive Information, exists within the Seamless Message Protocol (SLMP) implementation used by the affected Mitsubishi Electric CPU modules. When the device communicates over SLMP, it transmits credential information without any encryption. An unauthenticated attacker able to observe network traffic (for example, from a man-in-the-middle position) can capture these unencrypted credentials. Using the captured credentials, the attacker can then authenticate to the device, gaining the ability to read or write device values and stop running programs, effectively seizing control of the industrial controller.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.5, reflecting a significant risk to the organization's operational technology (OT) environment. Successful exploitation could lead to direct manipulation of industrial processes, causing production stoppages, equipment damage, or the creation of unsafe physical conditions. The potential consequences include substantial financial losses from downtime, costs associated with equipment repair, and severe risks to employee safety.

Remediation

Immediate Action: Apply the security updates provided by Mitsubishi Electric to all affected devices immediately. Following the update, closely monitor devices for any signs of exploitation attempts and perform a thorough review of system and network access logs for any unauthorized activity.

Proactive Monitoring: Implement network monitoring focused on SLMP traffic, specifically looking for unusual communication patterns or connection attempts from unauthorized IP addresses. System logs on the affected devices should be monitored for unexpected configuration changes, program halts, or anomalous read/write operations.

Compensating Controls: If immediate patching is not feasible, implement network segmentation to isolate the vulnerable industrial controllers from untrusted networks, including the corporate IT network. Enforce strict access control lists (ACLs) on firewalls and switches to permit SLMP communication only between authorized devices. Consider deploying a VPN or other network-level encryption for traffic between the controller and legitimate management stations.
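The monitoring and ACL recommendations above both reduce to the same question: is every SLMP session on the network between a pair of devices that is supposed to talk? The following script is an added example, not part of this advisory or of any Mitsubishi Electric tooling. It evaluates a constructed connection log against a static allow-list of (management station, controller) pairs and reports every SLMP session that falls outside it. The SLMP port number, the log format, and all IP addresses are assumptions; the port in particular is a placeholder to be replaced with the value configured on the CPU module.

```python
"""Allow-list check for SLMP sessions over a constructed connection log.

Added example for CVE-2025-7731 remediation guidance; not vendor code.
Assumptions (all constructed for this example):
  - connection records are lines of 'timestamp src dst proto dport';
  - SLMP is served on SLMP_PORT (placeholder value; set it to the port
    configured on the controller);
  - the allow-list enumerates every legitimate station -> controller pair.
"""
from __future__ import annotations

from dataclasses import dataclass

SLMP_PORT = 5007  # PLACEHOLDER: use the SLMP port configured on the CPU module

# Authorized (management station, controller) pairs; constructed addresses.
AUTHORIZED_PAIRS = {
    ("10.10.1.20", "10.10.2.5"),
    ("10.10.1.21", "10.10.2.5"),
}


@dataclass(frozen=True)
class Conn:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int


def parse_line(line: str) -> Conn:
    """Parse one 'ts src dst proto dport' record (constructed log format)."""
    ts, src, dst, proto, dport = line.split()
    return Conn(ts, src, dst, proto.lower(), int(dport))


def is_slmp(conn: Conn) -> bool:
    """A session counts as SLMP when it targets the configured SLMP port."""
    return conn.dport == SLMP_PORT and conn.proto in ("tcp", "udp")


def unauthorized_slmp(conns: list[Conn]) -> list[Conn]:
    """Return SLMP sessions whose (src, dst) pair is not on the allow-list.

    Anything reported here is either an unknown host reaching a controller
    (the attacker position described in the advisory) or a known station
    reaching a controller it is not meant to manage; both warrant review.
    """
    return [c for c in conns if is_slmp(c) and (c.src, c.dst) not in AUTHORIZED_PAIRS]


# Constructed sample: two legitimate sessions, one non-SLMP flow, one unknown
# source hitting the controller, one known station hitting an unknown controller.
SAMPLE_LOG = """\
2025-08-01T10:00:01Z 10.10.1.20 10.10.2.5 tcp 5007
2025-08-01T10:00:05Z 10.10.1.21 10.10.2.5 tcp 5007
2025-08-01T10:01:10Z 10.10.1.20 10.10.2.5 tcp 443
2025-08-01T10:02:33Z 192.168.50.7 10.10.2.5 tcp 5007
2025-08-01T10:03:02Z 10.10.1.20 10.10.2.9 tcp 5007
"""


def analyze(log_text: str) -> list[Conn]:
    """Parse a log and return the SLMP sessions that violate the allow-list."""
    conns = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    return unauthorized_slmp(conns)


def main() -> None:
    for c in analyze(SAMPLE_LOG):
        print(f"ALERT {c.ts} unauthorized SLMP session {c.src} -> {c.dst}")


if __name__ == "__main__":
    main()
```

Run against the constructed sample, the script flags the session from 192.168.50.7 and the one to 10.10.2.9 while passing the two authorized pairs and the non-SLMP flow. The same pair list is the input for the firewall and switch ACLs the advisory recommends: permit SLMP only for the entries in AUTHORIZED_PAIRS and deny everything else to the controllers' SLMP port, so that a detection hit and an ACL denial describe the same event.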

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity score and the direct threat to critical operational processes, this vulnerability requires immediate attention. The primary recommendation is to apply the vendor-supplied patches to all affected systems on a priority basis. Although this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential for causing significant disruption in an OT environment warrants treating it with the highest urgency. Organizations should also leverage this opportunity to review and enhance their network segmentation strategy to ensure critical control systems are adequately isolated as a fundamental defense-in-depth measure.