CVE-2023-1285

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric India GC-ENET-COM versions with the first 2 digits of the 11-digit serial number of the unit being "16"

Description The issue is related to a Signal Handler Race Condition that allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication. This is achieved by sending a large number of specially crafted packets to any UDP port when the GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.

Recommendations For Mitsubishi Electric India GC-ENET-COM versions with the first 2 digits of the 11-digit serial number of the unit being "16", as a temporary workaround, consider restricting access to UDP ports when the GC-ENET-COM is configured as a Modbus TCP Server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.