CVE-2016-8368 Mitsubishielectric CVE debrief

Who should care

Industrial control system owners, OT security teams, and operators of MELSEC-Q PLC environments that use QJ71E71-100, QJ71E71-B5, or QJ71E71-B2 Ethernet interface modules, especially where TCP/5002 is reachable from untrusted networks.

Technical summary

The affected Ethernet interface module is connected to a MELSEC-Q PLC and exposes a remotely reachable service on TCP/5002. According to the NVD description, an unrestricted externally accessible lock can be abused by a remote attacker to cause a denial of service, leaving the PLC unavailable until it is reset. NVD assigns CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H and CWE-662.

Defensive priority

High for OT and manufacturing environments. The vulnerability is remotely reachable, requires no authentication, and can stop PLC operation until manual recovery, so exposure of TCP/5002 should be treated as a priority risk.

Recommended defensive actions

• Identify whether any MELSEC-Q systems use QJ71E71-100, QJ71E71-B5, or QJ71E71-B2 Ethernet interface modules.
• Restrict or block untrusted access to TCP/5002, especially from enterprise or internet-facing networks.
• Segment PLC networks and limit TCP/5002 access to only explicitly authorized hosts.
• Review the linked US-CERT/ICS advisory and vendor references for mitigation guidance and any available remediation options.
• Verify operational recovery procedures for resetting affected PLCs if a denial of service occurs.
• Use asset and network monitoring to detect unexpected connection attempts to TCP/5002.

Evidence notes

The debrief is based on the supplied NVD record and linked official references. Supporting evidence includes the NVD description stating remote access via TCP/5002 can cause a DoS requiring PLC reset; the NVD CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H; and the CWE-662 weakness mapping. Reference links include SecurityFocus BID 94632 and US-CERT ICSA-16-336-03.

Official resources