Security News > 2020 > August > Hackers Could Target Organizations via Flaws in Mitsubishi Factory Automation Products
High-severity vulnerabilities found by researchers in Mitsubishi Electric factory automation products can be exploited to remotely attack organizations.
According to advisories published last week by the U.S. Cybersecurity and Infrastructure Security Agency, tens of factory automation products from Mitsubishi Electric are affected by three flaws that can be exploited for privilege escalation, arbitrary code execution and DoS attacks.
Mitsubishi has already released patches for many of the impacted products and it has also provided mitigations for the remaining products and for customers who cannot immediately install the patches.
Mashav Sapir, the Claroty researcher who discovered these vulnerabilities, told SecurityWeek that he found the flaws in one of the products, which had been used by a customer, but he applauded Mitsubishi for providing a full list of products that are impacted.
CVE-2020-14496 is a permissions problem, which allows any user to write files to specific directories used by vulnerable products.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-19 | CVE-2020-14496 | Unspecified vulnerability in Mitsubishielectric products Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed. | 7.5 |